Researcher Cracks The Apple Watch Code — Here’s What It Means For Forensics

The Apple Watch has been jail-broken, and the researcher who broke the code believes the technique could offer a critical back door for forensics experts who need access to the data within the system.

There have been multiple federal cases in which the government has endeavored to search an Apple Watch. In an Ohio drug trafficking investigation, police were unable to execute a warrant to search an Apple Watch Series 2. They did, however, manage to get the data from the suspect’s iPhone.

Since the investigation is ongoing, the exact means of access has not been publicly detailed, cops may have forced the suspect’s fingerprint onto the TouchID sensor or obtained the data by other means.

But the implications are clear: Wearables contain info that cops want — basically, all the same stuff that’s on a person’s phone — and they don’t have the same level of hardware security. So, it’s only a matter of time before these wearables could start to play a major role in forensics investigations.

The researcher who jail-broke the Apple Watch, Max Bazaliy of the security firm Lookout, leveraged three vulnerabilities in the Watch, all of which have been patched in the latest version (released in January).

Bazaliy said he started by analyzing the WatchOS kernel, which required him to crash the device repeatedly using one of these vulnerabilities over the course of two weeks. Each crash leaked four bytes of the kernel — Bazaliy had to collect 700 bytes in order to take the next step.

He then installed an app to launch the jailbreak, enabling connections with other devices like laptops to look through the data inside. This step has another application: For the tech-savvy renegade, it could allow a user to customize a device with non-approved apps.

While Bazaliy’s method won’t be of much use for long — since Apple has addressed the vulnerabilities — it does demonstrate that a determined person can get around Apple’s protections, and the Watch may be the weakest link. It can even be used to open linked Mac computers for further investigation.


Latest Insights:

Our data and analytics team has developed a number of creative methodologies and frameworks that measure and benchmark the innovation that’s reshaping the payments and commerce ecosystem. The September 2019 AML/KYC Tracker Report provides an in-depth examination of current efforts to stop money laundering, fight fraud and improve customer identity authentication in the financial services space.

Click to comment


To Top