Apple Watch Ultra 2 Hacked

Today this happend to me too. Felt the force feedback from my Ultra2 and noticed it was taking pictures via mij iPhone! I took the watch off, saw the screenlock being activated. Then I saw seemingly random numbers being key'd in until it triggered the 1 minute time out... I tried to deactivate the watch but that turned out to b contest of who was faster (or so it looked and felt). I turned off all connections on my iPhone (WiFi, Bluetooth). I then was able to make it to the 'turn off-' slider.

After this went online, logged onto Apple ID, removed the watch en changed my password, logged off from all devices. Back to my iPhone, updated password, reestablished connectivity, turned on the watch, went to my iPhone and to the iWatch app and factory reset the watch... now it sits there, reinstalled and waiting for pairing...

I'm going to keep it that way until this apparent leak has been plugged tight!

Hope that happens soon or perhaps there's someone here who knows more about this issue?

Yes, it's kind of spooky, this one, isn't it? It just happened to me on my Ultra 2, and it's easy to believe that it's somebody else trying to manipulate your watch, because it's a lot of random screen presses and swipes (which is, of course, the main way of interacting with the watch).

What actually gets triggered will depend on things like which complications you have on the display. For mine, it kept starting lots of timers, which then of course started buzzing and flashing as they went off...

And if, like me, you take your watch off to try other solutions, then of course, the random screen taps will quickly result in a keypad asking you to enter your PIN, and you'll see what looks like somebody trying lots and lots of attempts to hack into your watch...

I haven't ever seen something like that on an Apple product before, so it was pretty wild!

But I noted the earlier comment that a recent software update supposedly contains a fix for this, and by resetting a few times and putting the watch on its charger, I managed to get it to recover to the point where I could do the software update. So far, it now seems fine. We shall see... :-)

For those who still think this is an intentional hack by outsiders rather than the effects of dozens or hundreds of random screen/button events per second (as reported by Apple and fixed by release 10.4) , I would suggest it's worth remembering that our brains are wired to see sinister patterns in random data. Supposedly meaningful texts could be sent by a sequence of random clicks on the autocomplete buttons, for example.

If it looks as if someone is entering passwords or logging into sensitive apps, we see the whole thing as sinister. If it looks as if they are also starting stopwatches and scrolling through weather reports, we tend to ignore that, rather than wondering why someone who had gone to so much trouble to hack into my watch would want to check the local weather...

Another type of software bug might cause the system to replay past events, but I don't think that's happening here. Everything I saw could be explained by randomness, though I admit it looked worrying at the time!

No problems since the software update.

Best option is to immediately impair the watch from your iPhone’s Watch app. That was the only was I was able to stop the remote access. The unpairing process interrupted the Lock Screen.

After this experience I’m moving towards long passcode (8 numbers). The attacker tried all the typical passwords that used. Mine was not one of those but regardless use the long passcode!

There was never a hack, Apple admitted it was a bug and fixed it in OS 10.4

Google the release notes for 10.4

Thanks LD150 - your information appears to have been on target. Last night my Ultra 2 went into crazy-touch mode and I ended up here (and other places). After putting my watch on the charger I finally managed to enter my code and start the 10.4 install from my phone. After a couple of hours of plugging away, I went to bed with it still in "Preparing" mode. When I got up this morning it was ready to "Install" and I did so. A half hour later my watch was updated to 10.4 and it seems to be working fine. Sure looked like hacking at first, but it appears to have just been the bug that Apple noted they'd addressed in the software update. Why it took such an extremely long time remains a mystery, but perhaps the watch was still dealing with lots of spurious touch events.

This is NOT a hack it is a software malfunction and can be removed by re-setting and pair as a new watch, as has been stated several times.

Put Apple Watch on its charger.

Press and hold the side button until you see the screen with the power button in the upper-right corner, then let go of the side button. If your Apple Watch has an earlier version of watchOS, you see the Power Off slider instead of the power button.

Press and hold the Digital Crown until you see the red Reset button.

Tap Reset, then tap Reset again to confirm.

After Apple Watch unpairs completely, you can pair again. Remember that you'll need the Apple ID and password that were used to set up the watch. Set up as New Watch

If you thought the watch was hacked this would also be the way clear it.

Moisture should not contribute to such problems. It is a rugged, submersible, diving watch. Mine just started to do it today after a non sweaty workout, LOL! A lot of apps kept loading that I was unable to quit. Then after I removed the watch from my wrist, it was as if someone was trying to enter my pass code so many times I was locked out. I updated my iPhone, then my Ultra 2 and, … Never mind, got hung up during update and had to perform the factory reset, that seemed to be the fix for everyone else on this forum. Then followed by the update install…😞👎 I believe it’s fixed now. Whew! 🤞

Did you already contact the official Apple Support about that?

They are also able to diagnose your Apple Watch online.

Contact Apple for support and service - Apple Support

Nope. Exploits can't happen. It's a software glitch in 10.3 or 10.3.1 that caused this behavior mainly on S9 and U2 watches.

Alpha_Imperium wrote:

They guessed wrong, so it locked for 1 min and then I factory rest it and unpaired it. And reset all my passwords

Never heard anything like this, but your last actions were correct, set it up as a new watch after resetting, then change or replace your wi-fi router with one with wpa2 or better

Everybody having similar issues should report that directly to Apple by using the Feedback link.

Feedback - Apple Watch - Apple

My Series 9 did it too. A few facts. 1. occurred while on wrist. 2. I have 4 digit simple password set up. 3 Had just opened Safari.

Past that, not sure what happened. I took the watch off and eventually it got locked out and I did a reset.

To be 'safer' I unpaired the apple watch (go to iphone, watch, info, unpair) and updated software and repaired and used an 8 digit login.

It's hard to know where this "hack" is coming from. The watch does not have it's own IP address, so probably not from the wifi. That leaves Bluetooth. But that needs to be pretty close ie.. someone driving around. Given how many of us have had this in the country, unless all these posts are from San Antonio, TX, lol, I would say that it's not bluetooth. So.... where then? it's pretty fancy, time consuming and expensive to create a hack from a download that does not have to be opened. I am usually pretty cautious about opening anything that is anywhere suspicious. So hard to know. Good luck!

Had exactly same situation. They got in, went into fitness, at that point I took the watch

off my wrist, so it got locked. They tried to unlock it and eventually got

blocked for 1 minute. Took same actions. I restore it and change password as

well. The issue is how did they got in? usually you make a mistake on giving

them some information when they take you by surprise, but this time they just

got in. Made me worry about the vulnerability of the watch.

My ultra watch 2 was hacked today mng. They started accessing parked car locations, fitness data. I noticed and had to take the watch off to lock the watch. They tried unlocking couple of times and then it got locked for a minute due to failed password attempts and I had to turn off the watch for a while to figure out what to do. Then turned back on with out unlocking , I did the reset from the iPhone to unpair the watch.