Some Qs on security/safety/precaution measures about BJv2 thx #6283
Replies: 1 comment
-
Posted at 2023-10-09 by @gfwilliams
If the watch wasn't already connected to someone's phone then maybe. On Bangle.js you can add Pin pairing, whitelist, or turn off Bluetooth totally though.
No - while technically possible to do, realistically the chances of someone opening your Bangle, reading out the flash and reverse-engineering Espruino's filesystem really is quite small. I think you're in danger of tin-foil-hat wearing security paranoia. But of course someone could (once they have physical access to your watch) change Bluetooth settings and load the data out with the IDE/app loader.
Yes and no - I mean, if you encrypt the data with a PIN code that the user has to enter, I don't see a big problem there. There is AES encryption built into Bangle.js so you can easily encrypt individual files if needed. Of course someone could brute-force a PIN but they would have to be able to find a way of knowing if the password was legit or not - but the same would apply to any device. And yes, you wouldn't store unencrypted data - just keep it in RAM, or even better dispose of it as soon as you've drawn what you need to on the screen.
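The PIN-gated encryption described in the reply above, as an added example that is not part of the original thread or of Espruino's code. It runs on Node.js with the built-in `crypto` module rather than on the watch; the choice of PBKDF2, AES-256-GCM, the iteration count and all function names are assumptions made for this sketch.

```javascript
// Added example (Node.js, not Espruino): a record that is only readable after PIN entry.
const crypto = require("crypto");

// Assumed parameters for this sketch; tune the iteration count to the device.
const KDF_ITERATIONS = 100000;
const KEY_LEN = 32; // AES-256

// Stretch the PIN with a per-record random salt so every guess costs real work.
function deriveKey(pin, salt) {
  return crypto.pbkdf2Sync(String(pin), salt, KDF_ITERATIONS, KEY_LEN, "sha256");
}

// Returns only what is safe to write to storage: salt, IV, auth tag, ciphertext.
function encryptRecord(pin, plaintext) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const key = deriveKey(pin, salt);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  const data = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  const tag = cipher.getAuthTag();
  key.fill(0); // drop the key as soon as it is no longer needed
  return { salt, iv, tag, data };
}

// Decrypts into RAM, hands the plaintext buffer to `use`, then wipes it.
// Returns false when the PIN is wrong or the record was modified.
function withDecrypted(pin, record, use) {
  const key = deriveKey(pin, record.salt);
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, record.iv);
  decipher.setAuthTag(record.tag);
  let plain;
  try {
    plain = Buffer.concat([decipher.update(record.data), decipher.final()]);
  } catch (e) {
    return false; // GCM tag mismatch
  } finally {
    key.fill(0);
  }
  try {
    use(plain); // e.g. draw it on the screen
  } finally {
    plain.fill(0); // never leave the decrypted bytes lying around
  }
  return true;
}

// Constructed sample input: a made-up PIN and secret.
const record = encryptRecord("4821", "constructed secret");
console.log(withDecrypted("4821", record, (p) => console.log(p.toString("utf8"))));
console.log(withDecrypted("0000", record, () => {}));
```

The GCM tag tells anyone holding the stored record whether a guessed PIN is correct, so the key-derivation cost and the PIN length are what limit offline guessing in this design.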
-
Posted at 2023-10-08 by ccchan
hi,
Gordon has the same thinking as me, that indeed I could get on a train and use DaFit to brick everyone else's DaFit smart watches if I wish. There is no security over there. Or even flash a malicious firmware silently?
I believe Espruino on BJv2 won't be encrypted with full-disk encryption, as in later versions (e.g. ver 9) of Android?
Thus if I wanna develop something sensitive, like a cipher or password manager, the program itself should be zero-knowledge until the user feeds some keys into it, e.g. a pattern or a PIN? And afterwards, it should remove any temp files if necessary?
thanks.