Apple should improve Apple Watch's security, but the fear of theft is overblown

15.05.2015
A small tsunami of stories appeared online on Thursday about the ease of resetting the Apple Watch. Even if the Watch is set to require a passcode to unlock when it's removed from your wrist, Apple provides clear instructions on how to erase it, bypassing the passcode completely. Unlike an iPhone, which has Activation Lock to prevent it from being wiped without the original owner's iCloud password, there's no way to prevent a stolen Apple Watch from being erased and re-sold.

Some outlets and individuals had a moderate response, but others were outraged. Surely this makes the Watch eminently desirable by thieves, who, knowing that it's possible to resell with ease, will be targeting and preferentially snatching them off wrists.

Hardly, although Apple does need to step up its security game--and surely will. Out of the gate, the company is making it simpler for people to avoid locking themselves out of their Watch. As the product's software inevitably matures and there are more Watches in the wild, the whole issues will shift. For now: keep it secret, keep it safe.

Hands off

Judging by sales of watches worldwide, at least tens of millions of people own a watch with a resale value in the range of the Apple Watch Sport and stainless-steel versions. Some millions apparently own watches that approach or exceed the Watch Edition.

People who already wear watches are already subject to irrevocable theft: no built-in tracking devices or lock-out procedures exist for nearly any of them. And they're much more fungible: a Rolex has a value that varies around the globe, but people are willing to buy and sell them nearly everywhere. More expensive watches contain identifying numbers, and if brought to a repair center or dealer, may be checked against industry and manufacturer-maintained lists of stolen items.

Given that somewhere on the order of a few tens of thousands of Apple's watches have shipped to buyers so far, they're a drop in the bucket. They're enormously less likely to be stolen because there are so very few of them relative to all watches, and there's no specific identifier that one is wearing one, unless you feel the need to talk about it all the time. Those people who bought an Apple Watch and were already regular watch wearers know how to avoid showing off a watch in the wrong circumstances.

It should also be highly suspicious if anyone is selling an Apple Watch. While prices online at Craigslist and elsewhere are above retail, there are still just a trickle being re-sold. This should make buyers wary, and police are already known to watch online classifieds to track trends in fenced merchandise.

Apple introduced Activation Lock in iOS 7 in combination with Find My iPhone, requiring an iCloud login to setup a phone on which the feature was active. According to a report earlier this year in Reuters:

The number of stolen iPhones dropped by 40 percent in San Francisco and 25 percent in New York in the 12 months after Apple added a kill switch to its devices in September 2013. In London, smartphone theft dropped by half, according to an announcement by officials in the three cities.

That's terrific, especially when you factor in how many more iPhones Apple sold between September 2013 and the following year. (Numbers weren't reported, but it's hard to imagine the police adjust thefts relative to unit volume sold.) The message got out to thieves, though robberies obviously didn't stop.

Unless a mugger has targeted someone with an iPhone, he or she is taking the risk that they might get an Android, Windows Phone, or BlackBerry, or some non-licensed Android-related model, like an Amazon Fire Phone. Only some of those phones can remain locked even after being erased by a thief or through a remote bricking.

However, I'm not arguing against the utility and the requirement that the Apple Watch be harder to wipe and sell. Rather, that the immediate risk exposure is low; Apple should and certainly will do more. But there's a bit of misdirection: theft-deterrent and theft-recovery options don't keep your hardware from being stolen, but they do help prevent your personal data from being misused. The Apple Watch already has that feature.

Silent alarm activated!

Activation Lock and other Find My iPhone features, and similar options from other smartphone and app makers, put the fear of, uh, goodness and authority in the hearts of criminals. That has some effect, clearly. Theft-recovery help, such as displaying a reward message on a device or pulling up its point on a map or its track across space, may lead to its recovery.

But cost aside (even offset by any potential insurance recovery), your personal data may be more valuable and losing it having a greater and more irritating short-term and long-term effect. So long as you have the Watch's passcode option enabled in the Apple Watch app for iPhone, whenever it's removed from your wrist, it locks. A stolen Apple Watch can be wiped, but your own data can't be accessed without the passcode. If you're still concerned, you can disable the "Unlock with iPhone" option in the Passcode settings in the Apple Watch app for iPhone. (The passcode has to be enabled to use Apple Pay.)

Apple has a variety of pathways to improve on discouraging thieves through buzz and helping to recover a Watch, all of which can be accomplished with existing hardware:

Force the Watch to connect to arbitrary free Wi-Fi networks after erasure to check in whether it's been marked as "lost" in Find My iPhone. There are hundreds of thousands of such networks, and Apple already knows how to connect to them when an "I accept" button or other click-through needs to occur.

If Wi-Fi isn't available, after a Watch is erased and someone tries to re-pair, a network connection via the iPhone should be mandatory.

Don't allow a Watch to be erased when it's out of Bluetooth and Wi-Fi range of the associated iPhone. The odds of that needing to happen are quite low.

If a paired iPhone is lost, require a phone call or an Apple Store visit to re-pair the Watch. This is comparable to Apple's requirements for some iCloud password resets and escrowed FileVault recovery key retrieval.

Register the Watch's serial number with iCloud, and require an SMS or other operation to unlock it for use after erasure unless it's paired with the same iPhone by serial number or iCloud account. Make it easy to transfer a Watch's ownership, just as it's possible to transfer a device or AppleCare ownership today through Apple's site.

It's bewildered me as a business model that the makers of mobile equipment, Apple and others, haven't relied more on the built-in serial number in devices, given that they typically immutably burned in and already easily available in places like My Support Profile. Why There has to be some sort of revenue advantage or liability issue, but it's still baffling.

The Apple Watch, with less connectivity, is going to have to have to rely more on its serial number and its paired iPhone.

Apple has minor updates to the Watch OS coming, almost certainly in a matter of less than a month, given how its OS upgrade cycles work. Then there will likely be a major update later in the year when developers are given greater access to make apps that run directly on the Watch. Theft-related issues certainly can't be ignored as more Watches hit the market, and some negative news articles are sure to follow the first thefts.

Just as you shouldn't pull out a phone, tablet, or laptop in a situation where you're vulnerable, you should take the same precautions with your Watch--as you would with any wristwatch worth more than a pittance. Also, don't take the shortcut home through Crime Alley. Didn't the name already make that clear

(www.macworld.com)

Glenn Fleishman