This month saw another beta release of iOS 8.2 to developers and we started to see more information hidden in the APIs on the upcoming Apple Watch release.
Apple is remaining tight-lipped as usual with regards to the release date (Spring 2015 from an internal memo) and the exact functionality of the Watch, which will likely depend on what early access developers have come up with. What we know now, is that Apple Watch will pair with an iPhone via Bluetooth and come with a Companion App. Shortly after the Apple Watch launch event, Apple released to developers the WatchKit SDK which gave hints that the user’s iPhone will take on the bulk of the processing for applications. Bluetooth exploits have cropped-up from time to time in the past few years but will we see a surge in Bluetooth attacks this year? It looks as though it will be possible to unlock an iPhone from a paired Apple Watch and perhaps access Apple Pay functions too.
Lacking any external connectivity nor usable input, the Apple Watch will be moderately dependent on its tethering with the user’s iPhone. A number of notifications can configured to be pushed to the Watch with some notifications also allowing shortcuts to responses. Apple has had their fair-share of lockscreen bypass techniques in the past and having another ‘screen’ to secure with every release and notification type will certainly present more of a challenge to Apple’s QA.
IOS Threat Prevention
The US Federal Trade Commission recently announced it was working with Apple to ensure that data collected in their HealthKit SDK wasn’t being used without the user’s consent. Enterprise Security Officers will be interested to see what vectors and vulnerabilities, if any, an Apple Watch tethered to a phone connected to ActiveSync or an organisation’s VPN will present. Will MDM solutions allow policies to control what information can be shared with a wearable device and what information about the user’s private health data, can be shared back with their employer?