Unlike the iPhone, the Apple Watch does not have a fingerprint sensor for authenticating Apple Pay transactions, and recently it seems that GadgetHacks, in a video, has found a way to bypass the security feature implemented by Apple on the Apple Watch to authorize Apple Pay transactions.
For those who are unfamiliar with how the Apple Watch authorizes mobile payments, it relies on the watch keeping contact with your skin. Once the watch is removed, Apple will lock the device and users will have to re-enter their password to authorize the device once again. However, the flaw is that it takes about a second for the watch to detect that it is no longer on the owner’s wrist.
What this means, as demonstrated in the video, is that a thief could simply place their finger over the sensor to trick the watch into believing it is still on the owner’s wrist. Apparently this is because the watch’s sensors cannot tell the difference between a wrist and a finger, which is what makes the exploit possible.
That being said, this isn’t exactly an easy trick for thieves to pull off, as they would need to be very quick in snatching the watch off and placing their finger over it, and all of this assumes that the user has set up Apple Pay to begin with. However, it is still a flaw, and hopefully one that Apple will be able to address in the future.