Apple Watch Ultra 2 Hacked

My wife's Ultra 2 smart watch was also hacked yesterday February 2 at around 4:30pm est. Her watch has mobile service. I can't be certain but I don't believe it was accessed by wifi, or at least wifi alone. Coincidently she did receive a call just before the incident and may have been related to the gaining access to the watch. We considered the caller a spammer and was calling to provide financial aid for debt. We hung up immediately. It was crazy and very upsetting. Soon after, the watch started acting on its own and was pinging her iPhone. Once she took the watch off it started trying to log in to the watch using different codes. Fortunately it failed and was locked out. Then we struggled to figure out what to do next - mainly trying to power it down. The power button in the upper right corner did not work. Finally going for the reset worked - pressing the crown and holding in the side button until the reset option was shown. We are carefully resetting everything using other devices that do not appear to have been compromised. Any information about this event and any steps or precautions to take would be appreciated.

same happened to me today in Germany. The watch acted strange. I took it off and it locked. Then somehow numbers were filled in and it went to block for 1 minute, then 5 and when it arrived at 15 minutes block i started to reset the watch, which was successful. Not sure… can i just restart and connect it again with my phone? Or should i wait for a watch os update to close the security problem?

Had exactly same situation. They got in, went into fitness, at that point I took the watch

off my wrist, so it got locked. They tried to unlock it and eventually got

blocked for 1 minute. Took same actions. I restore it and change password as

well. The issue is how did they got in? usually you make a mistake on giving

them some information when they take you by surprise, but this time they just

got in. Made me worry about the vulnerability of the watch.

The same thing happened to me: https://www.youtube.com/watch?v=G6dazJk9AtU

Date of Incident: February 6, 2024, at 18:36 CST

Device: Apple Watch Series 9

Issue Description:

I am writing to report a significant security concern that recently occurred with my Apple Watch Series 9. I experienced a disturbing incident where my device appeared to be remotely controlled by an unauthorized external party. This unauthorized access and control persisted until the device was manually powered down. The incident has raised serious concerns regarding the security and privacy of my personal data stored on or accessible through the device.

Evidence and Documentation:https://www.youtube.com/watch?v=G6dazJk9AtU

I possess a recording of the incident, which unequivocally demonstrates the manipulation of my device by an external entity. This documentation should provide valuable insights into the nature of the breach, potentially aiding in identifying the method of unauthorized access.

Today 10th February 2024 at around 6.20am, someone tries to snoop into my Applewatch Ultra 2. As they were trying to get over the password, my watch was locked for 1 min and then again they tried to enter the password the moment 1 min was over. This time watch was blocked for 5 mins. I was awake surfing my iphone and the watch was beside me on the table. I heard the haptics and typing click sound again and again, then i saw all these happenings right infront of me. I immediately reset my watch from my iphone.

I setup it again as a new pair of watch skip the backup of data. Changed the password to more secure and random.

@applecare - WHAT IS HAPPENING ? Give response to us

Best option is to immediately impair the watch from your iPhone’s Watch app. That was the only was I was able to stop the remote access. The unpairing process interrupted the Lock Screen.

After this experience I’m moving towards long passcode (8 numbers). The attacker tried all the typical passwords that used. Mine was not one of those but regardless use the long passcode!

This is NOT a hack it is a software malfunction and can be removed by re-setting and pair as a new watch, as has been stated several times.

Put Apple Watch on its charger.

Press and hold the side button until you see the screen with the power button in the upper-right corner, then let go of the side button. If your Apple Watch has an earlier version of watchOS, you see the Power Off slider instead of the power button.

Press and hold the Digital Crown until you see the red Reset button.

Tap Reset, then tap Reset again to confirm.

After Apple Watch unpairs completely, you can pair again. Remember that you'll need the Apple ID and password that were used to set up the watch. Set up as New Watch

If you thought the watch was hacked this would also be the way clear it.

Just had the same existence with ultra 2 at a Culver’s restaurant. I tried to walk around and find the person since it is likely a Bluetooth vulnerability. They were unable to guess passcode and locked my watch for 60 minutes which covered the rest of my eating time. Got home and trying to see if I can reset it. Was unable to shut it down during the passcode attempts.

Just bought an Ultra 2 today and seeing this. Umm WHAT!?

watchOS 10.4 includes new features, improvements and bug fixes, including:

• Tap to Show Full Notification setting now allows you to double-tap to expand the notification
• Using Apple Pay with Confirm with AssistiveTouch will require a passcode for additional security and will not support double-clicking the side button
• Resolves an issue that causes some users to experience false touches on the display
• Fixes an issue that prevents contacts from syncing to Apple Watch for some users

For information on the security content of Apple software updates, please visit this website: Apple security releases - Apple Support

Yes, it's kind of spooky, this one, isn't it? It just happened to me on my Ultra 2, and it's easy to believe that it's somebody else trying to manipulate your watch, because it's a lot of random screen presses and swipes (which is, of course, the main way of interacting with the watch).

What actually gets triggered will depend on things like which complications you have on the display. For mine, it kept starting lots of timers, which then of course started buzzing and flashing as they went off...

And if, like me, you take your watch off to try other solutions, then of course, the random screen taps will quickly result in a keypad asking you to enter your PIN, and you'll see what looks like somebody trying lots and lots of attempts to hack into your watch...

I haven't ever seen something like that on an Apple product before, so it was pretty wild!

But I noted the earlier comment that a recent software update supposedly contains a fix for this, and by resetting a few times and putting the watch on its charger, I managed to get it to recover to the point where I could do the software update. So far, it now seems fine. We shall see... :-)

Everybody having similar issues should report that directly to Apple by using the Feedback link.

Feedback - Apple Watch - Apple

watchOS 10.4 includes new features, improvements and bug fixes, including:

• Tap to Show Full Notification setting now allows you to double-tap to expand the notification
• Using Apple Pay with Confirm with AssistiveTouch will require a passcode for additional security and will not support double-clicking the side button
• Resolves an issue that causes some users to experience false touches on the display
• Fixes an issue that prevents contacts from syncing to Apple Watch for some users

For information on the security content of Apple software updates, please visit this website: Apple security releases - Apple Support

For those who still think this is an intentional hack by outsiders rather than the effects of dozens or hundreds of random screen/button events per second (as reported by Apple and fixed by release 10.4) , I would suggest it's worth remembering that our brains are wired to see sinister patterns in random data. Supposedly meaningful texts could be sent by a sequence of random clicks on the autocomplete buttons, for example.

If it looks as if someone is entering passwords or logging into sensitive apps, we see the whole thing as sinister. If it looks as if they are also starting stopwatches and scrolling through weather reports, we tend to ignore that, rather than wondering why someone who had gone to so much trouble to hack into my watch would want to check the local weather...

Another type of software bug might cause the system to replay past events, but I don't think that's happening here. Everything I saw could be explained by randomness, though I admit it looked worrying at the time!

No problems since the software update.

My ultra watch 2 was hacked today mng. They started accessing parked car locations, fitness data. I noticed and had to take the watch off to lock the watch. They tried unlocking couple of times and then it got locked for a minute due to failed password attempts and I had to turn off the watch for a while to figure out what to do. Then turned back on with out unlocking , I did the reset from the iPhone to unpair the watch.