Pwing Apple Watch
Max Bazaliy
June 23, 2017
MOSEC
1
2
3
4
5
6
7
8
9
10
11
12
1
About me
2
o Security researcher at Lookout
o Pegasus malware lead researcher
o Software and hardware exploitation
o Fried Apple team co-founder
o Made a various jailbreaks for iOS
3
4
5
6
7
8
9
10
11
June 23, 2017 MOSEC 12
What is Apple Watch ?
o Released in 2015
o Apple S1/S2 processor
o ARMv7k 32 bit architecture
o 512 MB RAM
o WatchOS
1
2
3
4
5
6
7
8
9
10
11
June 23, 2017 MOSEC 12
Apple Watch security
o Secure boot chain
o Mandatory Code Signing
o Sandbox
o Exploit Mitigations
o Secure Enclave Processor (S2)
o Data Protection
1
2
3
4
5
6
7
8
9
10
11
June 23, 2017 MOSEC 12
Possible attack vectors
o Malformed USB decriptor (special cable)
o Malformed email, Message, Photo, etc
o Application extension based
1
2
3
4
5
6
7
8
9
10
11
June 23, 2017 MOSEC 12