back to article Oi, Tim Cook. Apple Watch. I DARE you to tell me, IN PERSON, that it's secure

Apple is facing tough privacy questions as it gears up for the release of its new Apple Watch, with one US state attorney demanding a meeting with Tim Cook. Connecticut Attorney General George Jepsen has asked the fruity führer for a face-to-face chat so he can ask whether Apple will store the data from the justWatch on its …

  1. Semtex451

    Remember when that new Apple PR lady didn't get the memo and actually spoke to El Reg?

    That was funny.

    1. ElReg!comments!Pierre

      Yup, back to normal soon methink. Although...

      If Apple's PR dept blew a fuse over "snow lepperd", I don't think "fruity führer" will do their arteries any good.

      But El Reg now has considerably more clout than back then; it's recognised as one of the leading tech publications in the English*-speaking world. So perhaps Apple will be willing to let a few disparaging comments slip through...

      *English and related languages such as Strine or Murkin.

      1. Cliff

        Re: Yup, back to normal soon methink. Although...

        Jag-wire, don't forget jag-wire

        1. John Brown (no body) Silver badge
          Thumb Up

          Re: Yup, back to normal soon methink. Although...

          "Jag-wire, don't forget jag-wire"

          I thought left-pondians pronounced it shag-wah!

      2. whatevs...

        Re: Yup, back to normal soon methink. Although...

        "El Reg now has considerably more clout than back then; it's recognised as one of the leading tech publications in the English*-speaking world"

        It really isn't...

        1. Seanie Ryan

          Re: Yup, back to normal soon methink. Although...

          El Reg and clout ! you forgot the Joke icon

          also "after hackers broke into Apple's iCloud"

          Wrong; Fail. No-one broke in. They got some users passwords and logged in. A far cry from being a Hacker. My six year old niece logged into my iPad after watching me key in the PIN. Would call her a hacker,, and she didn't 'break in'

          Top notch journalism !! I swear , more and more I come to this site for the laughs rather than for actual news.

          1. Loyal Commenter Silver badge

            Re: Yup, back to normal soon methink. Although...

            My six year old niece logged into my iPad after watching me key in the PIN.

            The difference being in the detail, of course. Did your Niece brute-force the password, over the internet, in order to gain remote access to the data from your iPad? No, didn't think so.

            The actual problem with all the cloudy stuff (and not just Apple's implementation) is twofold:

            Firstly, the authentication is weak - it is password based, and doesn't seem to authenticate the device itself (otherwise, this was actual hacking, not just password guessing), so anyone can have a crack at getting in. In security parlance, the attack surface is very large - i.e. the entire internet.

            Secondly, your data is held by a third party, who you have to implicitly trust. you have no say in how they secure your data, and no control over how they use it, other than the terms and conditions they give you. Which nobody reads anyway, because they are likely to be 200 pages of legal jargon.

            1. Seanie Ryan

              Re: Yup, back to normal soon methink. Although...

              @Loyal Commenter

              firstly, there is no evidence that the passwords were brute forced on iCloud, and not taken from some other hacked site and used, in the hope that the same one was in use. No evidence that it wasn't either, so neither of us can claim that point.

              Secondly, it took my niece 3 attempts to get it right, as she had a fair idea what she saw me type, so in effect, yeah, she brute forced it (with a good starting point )

              as for "over the internet" oh no's !!!! you can hack over the internet now ??!! What WILL we do? ;-)

              don't worry, i'm just poking fun.

              But I agree with you that the problem is, and always has been the single password. 2FA helps, but that has problems too, as if the phone is stolen, then it can be selected to receive the code. Short of it all is, that if someone really wants your data, they will get it. Same as when car immobilisers got good enough, the thief simply broke into the house and stole the keys or car jacked you.

              Oh, and on the 200 word jargon, why do you think companies produce these? Answer: idiot users who want a quick buck and sue over the slightest thing. Ends up costing the normal people money. Case in point is that pretty soon you will have to have insurance on your ride-on mower in the EU. All because one guy fell off a ladder and happened to fall on the mower. Idiot sued and now you will need insurance to operate one on your own land. It won't be long before we all need T&Cs for people who just drop by for tea.

              I wish we were back in 1980 again. Common sense was a lot more common

  2. This post has been deleted by its author

  3. Rustident Spaceniak

    Watch that watch!

    Why, what with watch wizardry, wonder what we will not ever know? Just imagine if Sherlock Holmes could deduce the existence and recent history of Watson's elder brother just by looking closely at his pocket watch, a modern-day analyst should be able to deduce your secret girl friend's existence and her personal tastes by analysing the molecular-level traces of her perfume and hair spray on your watch, and matching those with a data base. They won't even need to bother looking at the actual data stored in the computing bit! Shame and exposure await you all, ye who buy those things.

    1. DJO Silver badge

      Re: Watch that watch!

      Why much about with watches or perfume when all you need is, for example, a small piece of fairy cake:

      Since every piece of matter in the universe is in someway affected by every other piece of matter in the universe, it is, in theory, possible to extrapolate the whole of creation - every galaxy, every sun, every planet, their orbits, their composition, and their economic and social history, from, say - one small piece of fairy cake.

      (Douglas Adams - but you knew that)

      1. DJO Silver badge

        Re: Watch that watch! - Erratum

        "Why much about with" should of course read "Why muck about with"

        Sorry about that.

    2. Anonymous Coward
      Anonymous Coward

      Re: Watch that watch!

      It could at least record the time of the wearer's death based on pulse. And perhaps call 9-1-1 for a moderate monthly fee...

      1. Lars Silver badge
        Coat

        Re: Watch that watch!

        "It could at least record the time of the wearer's death based on pulse. And perhaps call 9-1-1 for a moderate monthly fee...". It will probably send coffin adverts to the spouse, (more useful too).

      2. Anonymous Coward
        Anonymous Coward

        Re: Watch that watch!

        "It could at least record the time of the wearer's death based on pulse. And perhaps call 9-1-1 for a moderate monthly fee..."

        Nah, each watch comes with a lifetime guarantee - once it breaks, a small razor blade pops out and slits the wearers wrist.

  4. Ted Treen
    Big Brother

    Really?

    A politician from the same system that gave the world the NSA and the Patriot act is now getting all righteous over privacy and demanding reassurances?

    They're obviously cut from the same block as our politicos here on our side of the pond.

    1. Indolent Wretch

      Re: Really?

      Your right because some politicians over there are bad, no politician over there can ever be good.

      Ipso Fatso

      1. dogged

        Re: Really?

        I was going to upvote "Ipso Fatso" but the "your right" makes me wonder if perhaps it wasn't deliberate.

    2. Chris 244

      Re: Really?

      Have a look at his platform: privacy rights, gun control, marriage equality, women's rights, health insurance coverage for mental health issues, environmental protection.

      And Connecticut voters put this guy in office. Perhaps there is hope yet...

      1. Destroy All Monsters Silver badge
        Holmes

        Re: Really?

        "privacy rights, gun control, marriage equality, women's rights, health insurance coverage for mental health issues, environmental protection"

        Sadly, this sounds like the pandering-to-progressives shopping list.

        It may be surpassed by Lizzie Warren, but only just.

        1. dan1980

          Re: Really?

          @D.A.M.

          Why is that wrong? The point to a representative democracy is that the elected officials should represent the views of the people.

          When did listening to the people you represent and aligning your platform with their views become 'pandering'?

          Certainly when you vote in alignment with the proddings of big corporate donors, this is not great but if you are acting on behalf of the people, that's got to be a step in the right direction, no?

          Yes, of course, not everyone in the electorate is a 'progressive' and many, many won't be, but that's the point of elections (at least when they're run fairly) - to find out which representative the majority of the people support.

          With the disclaimer that I realise the naivete of this statement, getting elected is an endorsement by the public that your platform and/or policies best represent their collective views. In a sense it doesn't matter if the candidate really believes in those views or is just 'pandering'. So long as he or she actually acts in accordance with those promised ideals then there is good representation.

          In practice this is all more complicated and far less ideal but if adopting progressive ideals gets you elected as the Attorney General of Connecticut then the majority (54%) of the people of Connecticut want a progressive Attorney General.

  5. Hellcat
    Joke

    Sounds like he wants some... Facetime.

    1. WraithCadmus

      You forgot something

      Borrow these...

      ( •_•)>⌐■-■

      1. Hellcat

        Re: You forgot something

        Thanks. Thought I was missing something.

        ( •_•)

        ( •_•)>⌐■-■

        (⌐■-■)

        Awwww Yeah!

  6. Anonymous Coward
    Anonymous Coward

    Many smart watches have come before without a whisper, which although doesn't make the questions worthless, shows this for what it is; an attempt to jump on the passing security bandwagon (with Apple as a bonus for extra headlines) to get Mr Jepsons name in the press. Well played sir, it worked, although few will believe that you are the caring security conscious saint that you are trying to pass yourself of as...

    Also most of his amazing questions for Apple were answered 6 months ago... I guess googling just doesn't generate the necessary press coverage...

    https://developer.apple.com/app-store/review/guidelines/

    1. Indolent Wretch

      Let's for one second assume the man is genuinely concerned.

      Then I'm not sure simple Googling it, and reading a canned PR statement on a developer pointed website on a page named "guidelines" put out by Apple of all people is necessarily taking your job seriously.

      Still hopefully he'll pay attention to your post and promise to be much more trusting of our corporate overlords in future.

      1. whatevs...

        "Apple of all people..."

        Loving the projection from the more googly participants of the comments...

  7. Steve Davies 3 Silver badge
    Alien

    Points to wonder

    1) Is there an election soon?

    2) Is he asking vendors of Android Wear the same thing?

    Perhaps he is indeed from another Planet.

  8. 101

    The momentary agenda...

    "[S]ecurity of personal information is top of the agenda at the moment"...for politicians facing election. Afterwards not so much. Actually, forgotten.

  9. danny_0x98

    Right Now

    Absolutely secure. No one in that state has one and no one will for quite a few months.

    Sheesh. I assume the Attorney General has his office looking into the airbag situation for flying cars, though, I presume it's a much lower priority, because, you know, they really, really don't exist yet.

    By the way, does Connecticut state law require the Attorney General to certify the security of devices and what are the criteria? Samsung and the Android world would keep him so busy that he would not have time for any thing else, especially if the process involves meeting the CEO. Our devoted Attorney General, too, may be nostalgic for the pre-tech days when he could pursue white-collar crimes with zeal.

    Oh, wait, Connecticut.

  10. Christoph

    So what happens when the Attorney General orders him to reveal who has access to the information, and the NSA have ordered him not to reveal that they have a tap implanted to grab every bit of data that enters the system?

    1. frank ly

      He goes into a special error handling state and begins to sing a medley of popular songs. (There are other possible outcomes but that's the one i'm hoping for.)

      1. Steve Davies 3 Silver badge
        Coat

        Perhaps

        Back in the USSR?

        I'm forever blowing bubbles

        'Time' followed by 'Money' and a chorus of 'Us and Them'

        Yes it is home time.

  11. Infury8r

    As the NSA rubs its hands with glee

    Oh the irony.

  12. Anonymous Coward
    Anonymous Coward

    Like proving a negative

    How are you supposed to prove something is secure, with almost literally infinite ways to attack that thing?

    I think the best you can do is offer a substantial prize for exploits and then wait for a while to see if there are any takers. Other than that, impossible.

  13. This post has been deleted by its author

  14. 45RPM Silver badge

    *Rolls eyes, chuckles* Lawyers, eh? Politicians! What a dick.

    1. Steve Davies 3 Silver badge

      Politicians in the USofA

      Are mostly Lawyers.

      You would have thought that ....

      Oh why bother, they are all S**theads and totally devoid of common sense about life outside their Country Club/Golf Course environment.

  15. Anonymous Coward
    Anonymous Coward

    Two factor authentication

    More convenient for users, with two secure elements (watch and phone) to choose from, so you aren't screwed if you lose one.

    With all the regulations around HIPAA and privacy concerns, they should require two factor by default for health related data (not stupid stuff like pulse, but true health related data that may end up in HealthKit)

    I suppose you could even do three factor (secure element, biometric i.e. fingerprint, AND password) but at some point users will reject it due to inconvenience, even if you make the grandstanding politicians happy.

  16. dan1980

    Questions are good . . .

    . . . but answers are better.

    For this exercise to be worthwhile, Mr. Cook must be pressed for accurate answers. That means that the specific topics and concerns must be explain ahead of time and the expectation made clear that Mr Cook should make sure he knows the answers or brings suitable technical assistance to explain it.

    Otherwise you just have a CEO saying that he isn't sure and will have to investigate and is not across all the technical details.

    Further, the questioning must be sufficiently persistent and the Attorney General must make sure that Mr. Cook actually gives direct answers to direct questions, rather than the non-specific waffle so common to such 'interviews' (just like politicians). Which of course means that the Attorney General's office must formulate suitably direct and specific questions.

    "Where is data stored?" is direct but not specific enough for any answer to be useful.

  17. a53

    Hmm

    Tim Cooke is now german and a hitlerite to boot ? Why the the denigrating term führer ?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like