• hi,

    1. Gordon has the same thinking as me, that indeed I could get on a train and use DaFit to brick everyone else's DaFit smart watches if I wish. There is no security there. Or even flash malicious firmware silently?

    2. I believe Espruino on BJv2 won't be encrypted with full-disk encryption, as in later (e.g. ver 9) Android?

    3. Thus if I wanna develop something sensitive, like a cipher or password manager, the program itself should be zero-knowledge until the user feeds some keys into it, e.g. a pattern or a PIN etc., and afterwards should remove any temp files if necessary?

    thanks.

  • I could get on a train and use DaFit to brick everyone else's DaFit smart watches if I wish

    If the watch wasn't already connected to someone's phone then maybe. On Bangle.js you can add Pin pairing, whitelist, or turn off Bluetooth totally though.

    BJv2 won't be encrypted with full-disk encryption

    No - while technically possible to do, realistically the chances of someone opening your Bangle, reading out the flash and reverse-engineering Espruino's filesystem really are quite small. I think you're in danger of tin-foil-hat wearing security paranoia.

    But of course someone could (once they have physical access to your watch) change Bluetooth settings and load the data out with the IDE/app loader.

    Thus if I wanna develop something sensitive, like a cipher or password manager, the program itself should be zero-knowledge until the user feeds some keys into it?

    Yes and no - I mean, if you encrypt the data with a PIN code that the user has to enter, I don't see a big problem there. There is AES encryption built into Bangle.js so you can easily encrypt individual files if needed.

    Of course someone could brute-force a PIN but they would have to be able to find a way of knowing if the password was legit or not - but the same would apply to any device.

    And yes, you wouldn't store unencrypted data - just keep it in RAM, or even better dispose of it as soon as you've drawn what you need to on the screen.
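
The PIN-based file encryption discussed in the reply above, as an added example that is not part of the thread and not Espruino or Bangle.js code. It uses Node.js `crypto` as a stand-in (Espruino's own crypto API differs), and the iteration count, function names and the `draw` callback are assumptions.

```javascript
// Added illustration: Node.js crypto stands in for the watch's AES support.
const crypto = require("node:crypto");

// Assumed KDF cost; on a real device this is tuned to what the CPU tolerates.
const PBKDF2_ITERATIONS = 100000;

// Stretch a short PIN into a 256-bit key. The salt is stored beside the ciphertext.
function deriveKey(pin, salt) {
  return crypto.pbkdf2Sync(String(pin), salt, PBKDF2_ITERATIONS, 32, "sha256");
}

// Encrypt one record; only salt, IV, tag and ciphertext are written to storage.
function sealRecord(pin, plaintext) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const key = deriveKey(pin, salt);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  const tag = cipher.getAuthTag();
  key.fill(0); // drop the key from RAM once it is no longer needed
  return { salt, iv, tag, ct };
}

// Decrypt into RAM only. Returns null for a wrong PIN or a tampered record.
function openRecord(pin, rec) {
  const key = deriveKey(pin, rec.salt);
  try {
    const d = crypto.createDecipheriv("aes-256-gcm", key, rec.iv);
    d.setAuthTag(rec.tag);
    return Buffer.concat([d.update(rec.ct), d.final()]);
  } catch (e) {
    return null; // GCM tag mismatch
  } finally {
    key.fill(0);
  }
}

// Show a secret, then wipe the plaintext buffer. `draw` is a hypothetical
// display callback supplied by the app.
function showThenWipe(pin, rec, draw) {
  const plain = openRecord(pin, rec);
  if (plain === null) return false;
  try { draw(plain.toString("utf8")); } finally { plain.fill(0); }
  return true;
}
```

In this sketch the GCM tag is what tells anyone holding a copy of the stored record whether a guessed PIN was right, so a 4-digit PIN costs at most 10,000 key derivations to check offline. A longer PIN or pattern and a higher KDF cost are what raise that bound.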


Some Qs on security/safety/precaution measures about BJv2 thx

Posted by @ccchan