Is Apple’s watchOS 2 Update Less Secure than the Predecessor?

If you are like me, you were ecstatic when Apple finally decided to release its version of the smart watch, the Apple Watch. For many, this was a long-overdue addition to Apple’s device lineup. While its delayed release proved worth the wait, soon after, Apple Watch owners, as well as the general public, received intriguing news about the recently released watchOS 2 operating system for the Apple Watch. With a vast number of new features—one being the ability to run native applications on the watch—is Apple prepared to keep the information stored on your watch secure?

A lot of consumers are anxious to acquire and utilize the new watchOS 2 update, which was released on September 21 after a four-day delay. With a plethora of additions coming to the watch, it’s no wonder there is so much buzz surrounding it. With more functionality for the Digital Crown, Tetherless Wi-Fi, more watch faces, and a new Apple Watch Music interface (to name a few), the Apple Watch has the potential to be named the most advanced smart watch to date [1].

With these new features, Apple is transforming the watch from a companion device into more of a stand-alone one. People are excited to upgrade, but the problem is that most people don’t consider the security ramifications when additional features and functionality are added to devices. Most consumers see a new device and have the urge to buy it, not because they have use for it but because it is new. This could be seen with the huge push of Internet of Things (IoT) devices, most of which were proven vulnerable to exploitation during Independent Security Evaluators’ IoT village at DEFCON 23.

The biggest feature that has me worried about the safety of Apple Watch users’ information is the open access developers have to utilize the watch’s hardware, as well as run applications natively on the watch [2]. Numerous thoughts and questions arose in my mind when Apple announced that the watch would have the ability to run native applications, including:

  • How is Apple going to ensure the security of the device and the information that resides on the Apple Watch?
  • Is Apple implementing the same security model and security measures as incorporated in the iPhone/iPad operating systems?
  • If Apple does not have a sound security model implemented, the Apple Watch could put sensitive user information at risk.

Tetherless Wi-Fi, the ability to connect to open Wi-Fi networks without the need to connect to your iPhone first, is also featured in the watchOS 2 update [2]. Previously, the watch was able to connect to Wi-Fi networks, but only if the network was a known one. This feature, in conjunction with native applications running on the device, could leave the watch vulnerable to exploitation by adversaries. While joining and accessing the Internet via an open network is not a vulnerability, remote attackers on the same open network could have an opportunity to compromise the Apple Watch depending on which services and protocols are enabled within an application that could be running in the background.

Adding new features and functionality usually creates new attack surfaces for attackers to exploit; did Apple cover all of its bases with the new operating system? I am very curious, and we shall find out soon enough.

References

  1. The Watch Reimagined
  2. Apple’s Keynote

Additional Information

Readers interested in further details about this topic can reach us at: contact@www.ise.io