On April 24, 2015, Apple launched themselves into the wearables category with the introduction of Apple Watch. This June, at Apple's Worldwide Developer Conference, Apple announced that their watch is not only the #1 selling smartwatch worldwide by far, but also announced the introduction of new capabilities that will come with the release of watchOS 4. Like other devices, Apple Watch can contain user data such as email and text messages, contacts, GPS and more, and like other devices and operating systems, has become a target for malicious activity.
In the Apple ecosystem, in order to explore the internals and security aspects of an Apple iOS based device it's necessary to use a jailbreak. However, a jailbreak does not exist publicly for watchOS so we had to create the first ever public Apple Watch jailbreak. This talk will take us inside the mind of a researcher, showcasing the unique set of skills, determination and rationalization needed from someone in order to piece this jailbreak together from scratch. We will provide an overview of Apple Watch and watchOS security mechanisms including codesign enforcement, sandboxing, memory protections and more. This will ultimately lead to a demonstration and explanation of the jailbreak and what we were able to learn about its general structure and ability to access iPhone-synced data.