-
• #2
See the last time someone asked about this - I explained a few solutions: http://forum.espruino.com/conversations/297465/#comment13400243
there are loads of ways of securing Puck.js - but they are turned off by default to make it easy to get started with (much like almost every other device).
Probably the most secure is to turn off the UART service completely. There is then no way of reprogramming at all, except by removing the battery and re-starting it with the button held down.
How can we prevent that someone with a Bluetooth enabled browser can flash the code of the puck? There is no security in place it seems.
Probably that means we cannot use it in real life scenarios.