Skip to main content

Thieves can bypass Apple Watch passcode to pair a stolen watch with their own phone

apple-watch-reset

Wrist-detection on the Apple Watch is supposed to ensure that it will ask for the passcode if removed from your wrist, but as a YouTube video posted by iDownloadBlog demonstrates, a thief is able to reset the watch without having to enter the passcode. They are then free to pair it with any other iPhone.

iPhones are protected by Activation Lock, which means that even if a thief performs a hard reset of the phone, it cannot be reactivated without the original owner’s Apple ID and password. The Apple Watch, however, has no such protection, and does not require a passcode to wipe it – as shown in the video below … 

Since Activation Lock was introduced in iOS 7 and turned on by default in iOS 8, there has been a dramatic reduction in iPhone thefts around the world, officials noting reductions of 25% in New York, 40% in San Francisco and 50% in London.

The Apple Watch is theoretically protected by a passcode which has to be entered if the device is removed from your wrist, but an apparent bug allows a hard reset to be performed without it.

A hard reset is carried out by a long-press of the Contacts button until a power-off option is offered. Force Touching this option brings up a dialogue offering to erase all contents and settings, which can be executed simply by placing the watch on the charger – no passcode required.

[youtube=https://www.youtube.com/watch?v=cOcd7xx0vMs]

I verified this with my own Apple Watch, and it works exactly as shown.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

  1. Milorad Ivović - 9 years ago

    It’s not completely disappointing. At least the data integrity remains intact, so Watch apps like 1Password aren’t compromised. The physical device is more easily replaced than any havoc created (or data stolen) as a result of exposed passwords.

    So, it’s not great, but not a complete tragedy.

    • Hi, Milorad. You are absolutely correct that the device is easier to replace than the data that’s stolen; however, I believe most people would be more worried about their watch being seen as a ‘quick flip’ to criminals instead of a useless brick to criminals. That’s the difference between getting robbed, and mostly injured during the robbery, or the criminal passing you up and you going home without incident.

      It’s not the same as wearing a $500 mechanical watch. There’s a reason why, at least in my city, iPhones are more stolen than Samsungs. Both the Galaxy S5 and iPhone 5s were around the same retail price, but it’s something about Apple products that tickles criminals’ fancy more than Android. I see it first hand, my friend.

      Well being > Data > Device

      • peteostro - 9 years ago

        Your a 100% right here, I mean the wedding ring on my finger cost more than the watch, but man If it was going to steal anything it would be the apple watch. So easy to get of the wrist…./S

    • dvdv0815 - 9 years ago

      I completely disagree here. You are right that the data is the most important thing but we are talking about a programming mistake by Apple. It is very disapointing that something like this happens and it has to be fixed. Just because we do like Apple products we should be able to note when mistakes were made and expect Apple to have them fixed immediately.

      • Milorad Ivović - 9 years ago

        1) You completely disagree, but I’m right about data being the most important thing. Okay. Sounds partial, but okay.

        2) You called it disappointing. I also called it disappointing, just not completely disappointing. I also said it wasn’t great, but simply not a total tragedy. For you to completely disagree, you would surely feel as if it is indeed a complete tragedy. Do you?

        3) When in flying figjam did I say it didn’t have to be fixed? Are you on crack?

        Just because we do like Apple products we should be able to note when mistakes were made and expect Apple to have them fixed immediately.

        4) A little less knee-jerk evangelism from you would be great. How about you read my comment again, and this time try to remember that you’re not the only person on the internet, who isn’t a complete idiot.

        4a) I never excused it. I simply put the matter in perspective. It’s a $400-$1000 liability, not a potential compromise of an entire corporate network (which it could be, if data could be stolen)

        4b) I certainly did note it as a problem, or mistake… but it seems a bit retarded to emphasise that pedestrian little point, in an article which is ENTIRELY about it being a mistake.

        4c) You can expect them to fix it immediately if you like. I live in a country with gun laws, and a $16 minimum wage, so street crime isn’t as big an issue for me, as it might be for you — that’s the nature of individual priorities. Yours differ to mine.

        That doesn’t make either of us wrong, in case you’re wondering. Now enjoy that self-righteous anti-fanboy posturing. Toodles.

  2. friedmud1 - 9 years ago

    This is a bummer. As someone wearing the Watch in a big city this has definitely been on my mind. My wife was concerned with me taking the subway late at night (which I do often) with the watch on.

    For now, I’m just taking the watch off when I’m in sketchy situations. I simply don’t want to be a target.

    • rogifan - 9 years ago

      Are you really worried someone is going to come after you because you have an Apple Watch? Is it really that in demand by thieves?

      • Kevin Bannon (@BannonKJ) - 9 years ago

        People get robbed with no visible evidence of smartphones/smartwatches etc. Those idiots would rob you for 3 dollars in your pocket, let alone something they can sell for several hundreds. I’m with Friedmud1-my apple watch is coming off on those late night subway rides.

      • freshpressedguest - 9 years ago

        Awareness about an issue like this spreads quickly, and thieves will cater their activities to what’s popular or easily perpetrated.

        I don’t think the Apple Watch itself is any more in demand by thieves who might steal watches, but combine it with this ability anonymously take it over for a new user, and it becomes very a interesting target.

        Thefts of smartphones dropped dramatically after wiping them became exponentially more difficult. I see this as an open window Apple must and will likely close soon.

      • friedmud1 - 9 years ago

        Yes. But not just my watch. I don’t take out my phone, headphones, laptop or iPad in the same situation.

        It’s all about not becoming a target. I’ve never been mugged and I don’t plan on starting. It only takes a moment to stick my watch in my pocket before I start a 1AM journey home… so why not?

        People are making this all about the Apple Watch… when in reality it’s about basic self preservation when you live in a big city. I’m not worried about replacing my watch… I’m worried about being stabbed / shot / beaten while being mugged. These guys don’t ask politely for you to take off your watch!

        Do any of you people live in a big city?

        Phones were getting stolen all the time before the activation lock. The Watch is about the same value… why wouldn’t you think that it would be a target?

        Apple should have had activation lock built in from day one so thieves would never even have started to think about stealing them…

        Again: it’s not enough for me to be angry about or anything… I just think it’s a bummer and I’ll take steps to guard myself…

      • peteostro - 9 years ago

        friedmud1 says: “Yes. But not just my watch. I don’t take out my phone, headphones, laptop or iPad in the same situation” I guess you’re not married.. or you did not partake in the exchanging of rings.

      • friedmud1 - 9 years ago

        @peteostro I am married and wear a small, simple ring that isn’t worth as much as my Apple Watch. My wife, who has a decently sized diamond on her finger, DOES remove her ring in sketchy situations.

        I’m not sure what you’re trying to prove here.

        Common sense says: don’t be a target. Apple making the Watches useless to anyone else on the planet other than who their own would lower your chance of being a target. So… why not?

    • dvdv0815 - 9 years ago

      If I would feel like this I would come to the conclusion that I live in the wrong town or country. What good does a an iPad, iPhone or an Apple watch do, when you can’t use them exactly what they are (partly) made for? If you can’t use your stuff in public just move.

      • friedmud1 - 9 years ago

        Nah: I use them all the time on the subway… just not super late at night. I’m talking about 1-2AM train rides where I may be the only person in a train car. Totally different…

  3. This is in fact a big deal. Anyone with general knowledge of criminality knows that a phone or, in this case a smartwatch, that’s unusable if stolen doesn’t make an attractive target. This is the reason why iPhone thefts have dropped. If a criminal knows he or she can bypass the security to in fact use the Watch (or sell it more than likely), it makes the Watch an attractive target. It’s not just a matter of data being stolen or even just the Watch being stolen- it’s a matter of someone’s life being put in danger by a criminal that knows the Watch is worth something because its security can be bypassed. People get pistol whipped, stabbed, or otherwise assaulted for phones and I suspect Apple Watches soon. I’m sure Apple will fix this.

    • dshenk - 9 years ago

      This is exactly right.

    • GadgetBen - 9 years ago

      No its not a big deal. A big deal is buying a Rolex and having your Rolex stolen, or having an Omega and getting that stolen. (Unless of course you have the gold version, but only people who are rich and stupid would buy that).

      “People get pistol whipped, stabbed, or otherwise assaulted for phones and I suspect Apple Watches soon. I’m sure Apple will fix this.”

      What is wrong with you? You want Apple to stop muggings? There is no fix for this. A thief will target you if they think you are an easy target, whatever watch you wear.

      People need some intelligence before they comment on this topic. The most important issue is whether or not your data gets stolen. It does not. It would be nice for Apple to include a remote lock but it won’t stop people getting mugged.

      • Milorad Ivović - 9 years ago

        Classic discord between watch-wearers, and non-watch wearers. I had the same reaction as you… but I’ve worn a watch all my life. I suppose for some people the Apple Watch is the most risk they’ve ever put on their wrist.

        I still prioritise the data over the watch, because I have actual data of value on mine. Again that’s probably not everyone’s experience.

      • freshpressedguest - 9 years ago

        Yes, it is a big deal. This is the difference between a locked door and an unlocked one. The difficulty to get away with smartphone thefts was made difficult with provisions by the manufacturers, and thefts dropped. i.e. Thieves don’t target smartphones as much anymore.

        By the way, it wasn’t only Vertu phones that were being stolen – even lowly iPhones and Samsung devices. Your ‘Rolex’ comment is an entirely different topic and discussion.

      • You come across as a person who has no idea what happens in the real world and has no idea why people steal. Anything of value, especially something that can be flipped easily and quickly, is a target. There are not many people walking around the streets or riding in the subway with Rolexes on. There will be a lot of people with Apple Watches on. The common thief, in my city and I’m going to say any big city, is going to have an easier time flipping an Apple Watch than the rare Rolex they come across. Why? Because they can take that $400 Watch Sport and sell it to someone in their neighborhood or school for $100-150. That buyer will then sync it to their iPhone and use it before they get tired of it and then sell it. It’s about making a quick buck. The common criminal can not make a quick buck from stealing a Rolex, which again, is a rare find.

        I never said I want Apple to stop muggings, but if they instituted a fix it would certainly prevent some muggings of Apple Watches, as it did iPhones. You don’t comprehend well, do you? A thief will be less inclined to steal an iPhone or Apple Watch if they know that it’s a brick. This is a fact.

        You’re right, people do need intelligence before they comment on this topic. People like you, who seemingly live sheltered lives, are the ones who are the biggest targets and the people who say, “I didn’t think it would happen to me” after it happens to you. In what world do you live in where data is more important than your life or well-being? Again, you’re sheltered. I’d gladly give up my SSN, credit card, or my whole damn wallet and deal with the ‘data loss’ as soon as I can, instead of getting stabbed, shot, or even killed.

        And to the other guy who commented about the discord between watch-wearers and non-watch wearers. You may or may not have been directing your comment towards me, but I stopped wearing my collection of watches when I received my Watch Sport- probably because it’s new. I’ve been wearing watches since elementary school and am rarely seen without one. I’m well aware that any watch has some value to a thief.

        Long reply, but as LEO in a major city I feel strongly on this topic.

  4. daschwemmer - 9 years ago

    This is not an issue, and here’s why: 1) The security of your data is not compromised, 2) Guess what happens when someone steals your Rolex or Omega? Nothing. You file a police report and insurance claim. There’s no “find my Rolex” app, and 3) Apple will soon fix this.

  5. John Smith - 9 years ago

    So a stolen apple watch is not rendered useless/valueless, but data/connection to your iPhone would not be compromised (?)

    This is not something to panic over, but apple should fix it.

    People on here are right – it’s a valuable item which could be a target for theft/robbery. Unlike a traditional watch there is obviously something apple could do about this risk (and they should).

  6. steveome - 9 years ago

    I am very surprised (and disappointed) by this. Wouldn’t the simple fix be to require the passcode before a reset can happen?
    Maybe I will be a little more careful on my trip to Mexico City next week… ;)

  7. sewollef - 9 years ago

    I live in the city too [NYC] And I commute to and from my office in Manhattan. I read my iPad and listen to music on my iPhone during the journey. It used to be the case that opportunist thieves [and that’s what this issue is mostly about], would wait until the doors to the subway were about to close and then snatch some unsuspecting person’s iPad [or phone] and run off as the doors shut.

    By all accounts, that’s happened many times. If I’m standing by the doors and reading my iPad as they open, I turn my back to the open door and hold my device with two hands. Simple precautions are nothing more than common sense.

    Would I read an iPad on the subway at 1:00 am. No. But neither would I have earbuds in playing music at that time either, since I want to be totally aware of my surroundings. Would wearing a watch make that harder or easier? I doubt it. Are you more likely to be targeted? Only if you flash around your expensive item, which is dumb anywhere, let alone a safe city such as New York.

    If someone’s going to steal from you and hurt you to achieve that they’ll do it regardless of what you have – a $5 gizmo or a $500 Apple watch.

    This issue smells a lot like ‘bendgate’ to me.

    • friedmud1 - 9 years ago

      Odd to me that on the one hand you take precautions with your iPad and on the other hand suggest that there is no need to take precautions with a Watch.

      No one here is claiming that the Watch shouldn’t be bought because of this issue. Or that it’s some sort of fatal flaw. All we’re saying is that it would have been nice if Apple would have made it less likely to be a target.

      I completely agree with you about iPads and Headphones at 1AM. Being alert and cautious is just good sense….

  8. Steffen T. (@steffentei) - 9 years ago

    First I thought, it would just work with a connected iPhone, but that’s not true,

    After the reset you have to activate the watch again so you need a appleid and the watch will be connected to it. So I think if you lost or your watch will stolen, you have to call apple and disable the serial number

  9. 4nntt - 9 years ago

    I’m sure they will be adding activation lock in a software update. They probably just didn’t get to it before release.

  10. incredibilistic - 9 years ago

    I understand people want to get this information out but it would’ve been better if this YouTube poster brought this to Apple’s attention rather than just throw it up on YouTube just so he claim he was first to uncover it.

    Don’t help the criminally minded or give anyone ideas just for bragging rights.

  11. peteostro - 9 years ago

    “I verified this with my own Apple Watch, and it works exactly as shown”
    did you try pairing it to an iPhone it has never been paired with before?

  12. Following this logic, the Switzerland government should take the responsibility when someone’s Rolex got stolen.

  13. SUSAN LEE (@devicereset) - 9 years ago

    I think that every smartphone have to know how to hard reset a top smartphones. This information is 100% right. I read this post. Write more post about device reset.

  14. Ian Javate (@jvte_23) - 8 years ago

    an Apple ID and password will be required to pair a stollen Apple Watch to compatible a iPhone. the video did not show the pairing part

  15. Keith Drayton - 8 years ago

    Help me with this ,I have a apple watch 42mm sport that I just bought 2nd hand and can’t get it paired with my I phone 6 it keeps saying that I have the wrong id but it is right so how can i clear this watch to factory settings so i can make this work for me .

    thanks Keith

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear