“Much like how cyber criminals are increasingly targeting mobile devices over PCs, it’s a virtual certainty that as wearable devices go more mainstream they’ll be targeted by hackers,” Cadie Thompson reports for CNBC. “Which leads us to the Apple Watch… For now, Apple’s watch appears to be the most secure of the emerging smartwatch landscape, said Geoff Vaughan, a security consultant at Security Compass.”
“It’s essentially like adding a second monitor to your iPhone, since it requires one to perform most functions, Vaughan said. Thus, it’s limited functionality without the iPhone actually makes it more difficult to steal valuable information, he said,” Thompson reports. “‘All of the data at rest will be on the mobile device, which is in contrast with other watches where almost everything is on the watch. Those certainly have a larger threat landscape,’ he said.”
“It’s worth noting that the Apple Watch can still be used for Apple Pay without the iPhone, but there are security measures in place to help ensure the owner of the Watch is the only one using it,” Thompson reports. “For example, the Apple Watch comes with an opt-in PIN similar to those used on an iPhone which requires users to enter it in each time they use Apple Pay with their watch. It also requires a PIN to be entered anytime the watch is removed and put back on.”
Read more in the full article here.
MacDailyNews Take:
Security and privacy are fundamental to the design of all our hardware, software, and services, including iCloud and new services like Apple Pay… A few years ago, users of Internet services began to realize that when an online service is free, you’re not the customer. You’re the product. But at Apple, we believe a great customer experience shouldn’t come at the expense of your privacy. Our business model is very straightforward: We sell great products. We don’t build a profile based on your email content or web browsing habits to sell to advertisers. We don’t “monetize” the information you store on your iPhone or in iCloud. And we don’t read your email or your messages to get information to market to you. Our software and services are designed to make our devices better. Plain and simple. — Apple CEO Tim Cook
Duh…
Apple’s A-series chips have the Secure Enclave, the most secure data security mechanism, built right into the CPU. My guess is that the S1 that powers Apple Watch will have the same.
This goes over the SE in detail:
http://seekingalpha.com/article/2532065-apple-pay-a-semi-monopoly-on-the-real-killer-app
I believe the S1 does have the Secure Enclave built-in. That’s where Pay credit card information is stored on the Watch to permit using Pay without the iPhone.
As a general principal having data that a device (watch) uses stored on another device (phone) is no more secure than having it on the watch itself. If the phone isn’t secure and the communication between phone and watch isn’t secure then the whole thing messed up. Since the iPhone is the most secure and the Apple Watch is designed along the same principals that’s what makes it secure.
Unless the other smartwatches manage sensitive data or have functions similar to Apple Watch that would need security, it’s sort of pointless to make the distinction of being ‘more’ secure.
Actually, if you read the article, the point is not so much that the Watch is the most secure. The point is that there is worrisome hackability in all mobile devices. In the end, the article points out the crud factor that is Bluetooth.
I’ve never liked Bluetooth. Why it hasn’t yet been tossed aside for superior technology, I have NO idea.
I prefer apple products when it comes to security but even so, it’s not perfect. You can brute force attack the iphone passcode to get in. Phishers have set up fake iCloud sites to lure victims who use the findmyiphone service. Security is also on a shifting field, e.g. Hackers have created fingerprint overlays they can place over scanners and as more vendors use fingerprint for everything including building access, the security of fingerprints may decrease over time.