Crafty fingering could let Apple Watch thieves raid your bank account
Artful dodge nets access to linked credit cards
Updated Deft watch thieves could circumvent the biometric security in an Apple Watch to empty your bank account.
The Apple Watch uses the heart rate monitor to tell when it has been taken off your wrist. Removal locks the watch, so you need to enter a PIN to use it again, but while it stays on your wrist you don’t have to enter a PIN every time you want to use it.
Unfortunately the watch only polls the heart rate sensor once a second. This is fine for most circumstances and necessary to keep the watch from locking itself unless you want to keep the strap overtightened.
This opens up the way for a skilful prestidigitator to slide a finger under the sensor ahead of removing the watch and lift it without triggering the biometric lock. Website Gadgethacks (YouTube video) has demonstrated that this can, in turn, open the way to using the stolen Watch to buy things with Apple Pay.
The stolen sort-of-timepiece serves as a proxy for the mark’s contactless credit card even if it’s only the Watch which is stolen and not the phone to which it is paired. The Watch doesn’t check to make sure the phone is still around before yielding its token to the payment terminal.
Still, if you have your phone, you can at least call to switch off Apple Pay if your watch gets pocketed.
We checked out the likelihood that a pickpocket could slide a finger under a watch while stealing it without the victim noticing. Martin Macmillan of Clerkenwell magic supplies shop International Magic said that, for a skilled entertainer, this would be no problem.
Stealing a watch, we're told, is all about holding the mark in the right way and applying pressure, and - more importantly - the release of pressure to create the correct distraction. He pointed us to a book, Professional Stage Pickpocket, so while Gadgethacks might maintain that the scenario is far-fetched, we believe otherwise. ®