Feds Want To Search Apple Watch -- The First Jailbreak Shows What's Possible

This article is more than 6 years old.

In at least one federal case, the government has sought to search an Apple Watch, Forbes has discovered. That should be of little surprise: according to the first person to jailbreak the wearable tech, it doesn't have the same levels of hardware security as the iPhone but contains much of the same data, from text messages to location information.

For reasons that are unclear, the cops in that one case, involving a drug trafficking investigation in Ohio, weren't able to execute the warrant for an Apple Watch Series 2. The cops issued separate search warrants for an iPhone and the Watch of a suspect. They sought to gain access to the phone by forcing the fingerprint of the suspect onto the TouchID sensor to unlock iOS. A document detailing the execution of that warrant said data was successfully acquired, though it didn't say how. No such luck with the Watch, however. The Department of Justice declined to comment on the case as it was an ongoing investigation.

But what's clear, from that case and another warrant obtained by Forbes that unsuccessfully sought to acquire information from an unnamed pink and black smart watch, is that the feds are seeking access to wearables. And the latest research into the security of the Apple Watch might be of use to them.

How Apple Watch was jailbroken

Max Bazaliy, a researcher at cellphone-focused security firm Lookout, said his WatchOS 2 jailbreak technique could provide important research for forensics experts as they seek to break the security protections put in place by Apple. His hack to remove Apple's control over the Watch used three separate vulnerabilities, two of which were discovered during an investigation into an attack on the iPhone of prominent UAE activist Ahmed Mansoor, an alleged attempt to install a surveillance tool from Israeli firm NSO Group.

Perhaps the most impressive aspect of his work was the effort it took to analyse the kernel of WatchOS, a necessary step in determining how to launch exploits on the system. Though the wearable's operating system is similar to iOS, it's not exactly the same, meaning some deeper knowledge of its internals is required, Bazaliy explained. To get a better understanding of the kernel, the researcher had to crash the device using one of the vulnerabilities used in the NSO attack, which would then leak just four bytes of the kernel. He had to get up to 700 bytes before he had enough to launch his attacks, a process that took two weeks of repeated crashes, thanks to the five minutes the Apple Watch took to recover from each failure.

Once he'd found a hook in the kernel, Bazaliy was able to install an app that, once clicked on, would launch the jailbreak, allowing anyone with access to connect in via a communications channel called SSH. It's possible, for instance, to hook up a laptop to a Watch and start looking through the data inside. Or users can start customizing their device with non-approved apps. Intriguingly, the exploit app could be installed on a locked watch, but the user would still need to click on the app to launch the jailbreak.

There's a significant caveat regarding Bazaliy's jailbreak: it doesn't work on any WatchOS later than 3.1.1, released to consumers back in January. Apple has patched the vulnerabilities, including the aforementioned ones used in the NSO Group attack.

But it's still proof there are ways around Apple Watch's protections. And it might be useful for cops wanting to acquire data from the tech giant's increasingly secure hardware. "The iPhone has more protections on the hardware side and Apple Watch doesn’t have them yet," Bazaliy told Forbes at the Def Con hacker conference last week. "So for now it might be easier to do forensics on a Watch than on a phone."

He also noted that the Watch can be used to open Mac computers, offering further potential for law enforcement trying to hack into Apple machines. Bazaliy plans to explore that avenue in future research.
