Mobile Security & Enterprise Mobility Blog

Apple patches major security vulnerabilities in the watchOS

Is the Apple Watch secure? While everyone is tuned in to WWDC 2015, waiting for the latest moves and releases from San Francisco, there are those of us whose first reaction is to see, and sometimes find, the potential security vulnerabilities that come with each new iOS and gadget. The Apple Watch is no exception, and the groundwork is already there for a big payoff to the right attacker.

Some of you out there are receiving the new Apple Watch. The first thing you have to do once you receive it is connect to WiFi to update to the latest OS. One could put that step off for a moment, but then you’d be open to one of the nastier vulnerabilities out there, DoubleDirect.

“DoubleDirect” is a type of ICMP Redirect “Man-in-the-Middle” (MITM) attack that enables an attacker to redirect a victim’s traffic to the attacker’s device. Once the traffic is redirected, the attacker can steal credentials and deliver malicious payloads to the victim’s device that can not only quickly infect the device, but also spread throughout a corporate network.

We’ve observed the DoubleDirect ICMP attack in the wild in over 30 countries. Unlike most ICMP Redirect MITM implementations, which are only half-duplex (except for InterceptNG’s project), DoubleDirect allows full-duplex MITM. An attacker can then fully intercept the communication from both the victim and the gateway.
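For defenders watching a network segment, the full-duplex pattern described above can be looked for in captured traffic. The following is an added example, not code from this post or from Zimperium: it parses IPv4 ICMP Redirect messages (type 5, RFC 792) and reports next hops advertised both to a client and to the gateway. It assumes a segment with a single legitimate router, so any redirect naming another next hop is worth an alert; the addresses are documentation ranges and the sample packets are constructed.

```python
import ipaddress
import struct

ICMP_REDIRECT = 5  # RFC 792 message type "Redirect"

def _ip(raw):
    return str(ipaddress.IPv4Address(raw))

def parse_redirect(pkt):
    """Return (src, dst, new_gateway, redirected_dst) for an IPv4 ICMP Redirect, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 1:   # IPv4 carrying ICMP only
        return None
    ihl = (pkt[0] & 0x0F) * 4
    icmp = pkt[ihl:]
    if len(icmp) < 28 or icmp[0] != ICMP_REDIRECT:         # 8-byte ICMP header + quoted IP header
        return None
    # icmp[4:8] is the advertised gateway; the quoted original header starts at icmp[8]
    return _ip(pkt[12:16]), _ip(pkt[16:20]), _ip(icmp[4:8]), _ip(icmp[24:28])

def find_suspicious(packets, gateway):
    """Redirects naming a next hop other than the one legitimate router (assumption)."""
    hits = (parse_redirect(p) for p in packets)
    return [h for h in hits if h and h[2] != gateway]

def full_duplex_hops(alerts, gateway):
    """Next hops advertised both to the gateway and to a client: both directions diverted."""
    to_gateway = {a[2] for a in alerts if a[1] == gateway}
    to_clients = {a[2] for a in alerts if a[1] != gateway}
    return to_gateway & to_clients

def _sample(src, dst, new_gw, orig_src, orig_dst):
    """Constructed capture bytes for the demo (checksums zero; the parser does not verify them)."""
    a = lambda s: ipaddress.IPv4Address(s).packed
    hdr = lambda length, proto, s, d: struct.pack("!BBHHHBBH", 0x45, 0, length, 0, 0, 64, proto, 0) + a(s) + a(d)
    icmp = struct.pack("!BBH", ICMP_REDIRECT, 1, 0) + a(new_gw) + hdr(28, 17, orig_src, orig_dst) + bytes(8)
    return hdr(20 + len(icmp), 1, src, dst) + icmp

GATEWAY, CLIENT, ROGUE, SERVER = "192.0.2.1", "192.0.2.50", "192.0.2.66", "198.51.100.10"
_echo = bytearray(_sample(GATEWAY, CLIENT, ROGUE, CLIENT, SERVER))
_echo[20] = 8   # same bytes relabelled as an Echo Request: must be ignored
SAMPLE = [
    _sample(GATEWAY, CLIENT, ROGUE, CLIENT, SERVER),   # client told to reach SERVER via ROGUE
    _sample(CLIENT, GATEWAY, ROGUE, SERVER, CLIENT),   # gateway told to reach CLIENT via ROGUE
    bytes(_echo),
]

if __name__ == "__main__":
    alerts = find_suspicious(SAMPLE, GATEWAY)
    for src, dst, hop, target in alerts:
        print(f"redirect to {dst} (claimed source {src}): {target} via {hop}")
    print("full-duplex next hops:", sorted(full_duplex_hops(alerts, GATEWAY)))
```

The source address of a redirect is only what the packet claims, so the check keys on the advertised next hop rather than on who appears to have sent it.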

So what does this mean for the Apple Watch?

With a device vulnerable to DoubleDirect, connecting to a known or trusted WiFi network can allow an attacker to redirect your traffic to their device. This lets them control everything you see and feed you additional client-side exploits, further compromising your security. Zimperium discovered DoubleDirect attacks in the wild last year. Fortunately, we were able to provide a public PoC and root cause analysis, and Apple was able to patch all of its latest operating systems, including Apple Watch OS 1.0.1. While Apple did a fantastic job updating its devices across all platforms, these devices are still vulnerable out of the box to DoubleDirect. The main problem is that you need to update the Apple Watch on a network that you trust, definitely not on a public or unmanaged corporate network.

This is certainly a sign of things to come in terms of securing Apple devices in the enterprise. Zimperium Enterprise Mobile Security customers using Apple and Android devices are protected from DoubleDirect regardless of the operating system version they use.

If you would like to know more about our solutions, please request a demo at www.zimperium.com/request-demo

[1] About the security content of Watch OS 1.0.1
     https://support.apple.com/en-us/HT204870