Researcher Cracks The Apple Watch Code — Here’s What It Means For Forensics

The Apple Watch has been jail-broken, and the researcher who broke the code believes the technique could offer a critical back door for forensics experts who need access to the data within the system.

There have been multiple federal cases in which the government has endeavored to search an Apple Watch. In an Ohio drug trafficking investigation, police were unable to execute a warrant to search an Apple Watch Series 2. They did, however, manage to get the data from the suspect’s iPhone.

Since the investigation is ongoing, the exact means of access has not been publicly detailed, cops may have forced the suspect’s fingerprint onto the TouchID sensor or obtained the data by other means.

But the implications are clear: Wearables contain info that cops want — basically, all the same stuff that’s on a person’s phone — and they don’t have the same level of hardware security. So, it’s only a matter of time before these wearables could start to play a major role in forensics investigations.

The researcher who jail-broke the Apple Watch, Max Bazaliy of the security firm Lookout, leveraged three vulnerabilities in the Watch, all of which have been patched in the latest version (released in January).

Bazaliy said he started by analyzing the WatchOS kernel, which required him to crash the device repeatedly using one of these vulnerabilities over the course of two weeks. Each crash leaked four bytes of the kernel — Bazaliy had to collect 700 bytes in order to take the next step.

He then installed an app to launch the jailbreak, enabling connections with other devices like laptops to look through the data inside. This step has another application: For the tech-savvy renegade, it could allow a user to customize a device with non-approved apps.

While Bazaliy’s method won’t be of much use for long — since Apple has addressed the vulnerabilities — it does demonstrate that a determined person can get around Apple’s protections, and the Watch may be the weakest link. It can even be used to open linked Mac computers for further investigation.


New PYMNTS Report: Preventing Financial Crimes Playbook – July 2020 

Call it the great tug-of-war. Fraudsters are teaming up to form elaborate rings that work in sync to launch account takeovers. Chris Tremont, EVP at Radius Bank, tells PYMNTS that financial institutions (FIs) can beat such highly organized fraudsters at their own game. In the July 2020 Preventing Financial Crimes Playbook, Tremont lays out how.

Click to comment