back to article Crafty fingering could let Apple Watch thieves raid your bank account

Deft watch thieves could circumvent the biometric security in an Apple Watch to empty your bank account. The Apple Watch uses the heart rate monitor to tell when it has been taken off your wrist. This locks the watch so that you need to enter a PIN to use the watch again, but means you don’t have to enter a PIN every time you …

  1. Jimmy2Cows Silver badge

    Fixed delivery addresses?

    Does ApplePay only allow purchased items to be shipped to a registered address a la PayPal? Or can they go to any address?

    For the former, it'd be mildly irritating that a load of stuff turned up on your doorstep when you didn't buy it, but at least you could return it. So not such a big deal.

    If the latter, and any delivery address can be specified without supplementary checks then sure, this is potentially a big problem.

    1. Simon Rockman

      Re: Fixed delivery addresses?

      It's for use at point of sale. You pick up the swag, tap and leave.

  2. Anonymous Coward
    Facepalm

    I think...

    I think I would notice if someone tried to slip his finger under my watch and tried to rip it off my wrist...

    1. Elmer Phud

      Re: I think...

      There is a joke in there somewhere - the usual sniping at iUsers and 'one off the wrist'.

    2. tmTM

      Re: I think...

      I think if a criminal is that slick to be able to steal a watch in that way then they'd probably have already gone straight for your wallet, and iphone, jacket and the shirt off your back.

    3. Circadian

      Re: I think...

      @ malle-herbert

      You'd hope to. The reality is different. See Ted talk (less than ten minutes) on Youtube

      https://www.youtube.com/watch?v=GZGY0wPAnus

      (And @ tmTM - yes you're right :)

      1. bluesxman

        Re: I think...

        The last 4 characters of that YouTube link (the link itself) triggered my (childish) snirking reflex.

  3. breakfast Silver badge
    Holmes

    The art of theft

    "For a skilled entertainer, this would be no problem" - the question is who counts as a skilled entertainer? Do the Chuckle Brothers count?

  4. Ivan Headache

    Richard Branson

    was (and probably still is) a dab hand at removing watches from unsuspecting travellers on flights on which he was travelling.

    He would do some meet and greet with some of the passengers and surreptitiously remove their watches and then ask them if they were still on UK time or had changed to US time.

    Hilarity always ensued.

  5. Anonymous Coward
    Joke

    Pointless...

    Just dangle something shiny in front of the iWatch wearer if you want their money.

    Why bother with all of that theft, accounts and plod avoidence?

  6. ThomH

    The scenario is far-fetched

    ... in that you need to find someone with an Apple Watch that actually uses Apple Pay. The best thing I can think of to say about the latter is that it's proof that Apple users won't use things just because they're told to.

    "Eleven per cent of credit card-owning households and 66 per cent of iPhone 6 owners in the US have signed up for Apple Pay, four months after it was launched [...] However, issues like low repeat usage ... are hindrances in its success. [...] 48 per cent of users have paid with Apple Pay just one time" — Mobile World Live

    "More than 95 percent of iPhone 6 and 6+ users who could have paid with Apple Pay on Black Friday didn’t [...] Five weeks after the launch of Apple’s revolutionary payment method more than 90 percent of these users hadn’t even given it a try." — Pymnts.com

    "It’s no accident that numbers on actual Apple Pay usage are hard to come by. As a percentage of total sales it has to be inconsequential." — Forbes

    1. Jason Bloomberg Silver badge
      Coat

      Re: The scenario is far-fetched

      There is value in a lifted iWatch even if it is not usable with Apple Pay. If it is that's a bonus.

    2. Eddy Ito

      Re: The scenario is far-fetched

      "48 per cent of users have paid with Apple Pay just one time"

      That's the best mark. It's all set up, used once and never looked at again. That easily gives the thief a month to plunder as much as they like.

  7. Anonymous Coward
    Anonymous Coward

    Next - Apple iSuppository

    The only way to remove it is to skillfully slide a lubricated finger..

    1. Anonymous Coward
      Anonymous Coward

      Re: Next - Apple iSuppository

      Shouldn't it be self lubing? It's supposed to be easy to use after all.

  8. Indolent Wretch

    "He pointed us to a book, Professional Stage Pickpocket" and while doing that he probably had your wallet.

  9. Henry Wertz 1 Gold badge

    "The best thing I can think of to say about the latter is that it's proof that Apple users won't use things just because they're told to."

    Umm, yeah, actually Apple users do use things because they're told to, as near as I can tell. I mean, look at the Apple Watch for a good example. What a useless device but people are buying them anyway (and overpriced compared to the Android watches that have been out for like a year already). And, per the quote you have just below this statement, all these people signed up for Apple Pay (66% of IPhone6 users?). You know for this watch thing to work, they don't actually have to USE Apple Pay, just sign up for it? Well, they have.

  10. Anonymous Coward
    Anonymous Coward

    If you're that good of a pickpocket

    Why not steal Rolexes or lift wallets instead of betting that your mark has his watch enabled for Apple Pay?

    1. ZippedyDooDah

      Re: If you're that good of a pickpocket

      No stealing required for the watch.

      Flatter the wearer and ask if you can try it on... "It is so cool I can't believe it!"

      iMuggins will obviously oblige then you take it and run away.

  11. Number_6

    you forgot to mention the perp would have to go for the phone also, watch is useless for apple pay without it, aka non-story!

    1. Brangdon

      From the article: "The Watch doesn’t check to make sure the phone is still around before yielding its token to the payment terminal." So no, they don't need to steal the phone as well, and it's not a non-story.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like