When the Activation Lock security feature was first introduced to the iPhone with iOS 7, it was praised as a strong way to dissuade would-be smartphone thieves. A stolen iPhone could be reset, but trying to reactivate it would require the owner’s Apple ID and password to be entered. Unfortunately for owners of the new Apple Watch, the wearable has a similar security feature, but it can easily be bypassed, meaning a stolen Watch can be paired with a different iPhone.
The Apple Watch’s security feature requires a passcode to be entered when used after it detects it has been removed from a user’s wrist. That passcode is not required to turn off and reset the device. The video below shows how instead of entering a passcode, someone can long-press the Contacts button on the side of the Watch, and choose to erase all settings and contents.
Once reset, a thief is free to pair the Watch with their own iPhone, or just choose to sell it to someone else. The one positive aspect is that they still wouldn’t have access to a user’s personal data. But then that user is still missing the Watch they paid for.
Apple hasn’t commented on this recently discovered exploit, but hopefully it can be fixed quickly with a software update. In the meantime, take extra special care of where you put your Apple Watch when it’s not around your wrist.