-
This can be also solved by whitelisting = allowing only specific devices to connect
as a quick and dirty solution there are three simple lines mentioned here
https://www.espruino.com/BLE+Security -
So I set "Settings - Bluetooth - Programmable" to Off. But it seems like that also makes Gadgetbridge notifications not work any more. Is this working as intended?
Thanks - I just looked into this and found a problem (it's an odd one as I was certain this used to work fine). If you update to bootloader 0.43 from the dev app loader at https://espruino.github.io/BangleApps/ it should now be fixed
-
• #8
First of all thank you @fanoush, when I made this thread 8 months ago I was not aware which Espruino help articles are about Espruino in general and which also apply to Bangle.js 2 in particular. Maybe the homepage could be more specific here!
I know that there is a whitelist functionality. And AFIK also a BETA feature PIN to connect. But those, I believe, are both filters at the device level not on the app level!
On Android usually not all apps can read the notifications! Apps need to request
android.permission.BIND_NOTIFICATION_LISĀTENER_SERVICE. Would it be possible for an app to break this security sandbox by requesting the Bluetooth permission instead and then reading the notifications back from the Android companion app on the Bangle.js 2 watch? Or otherwise create mischief on the watch? (By installing additional apps or setting the time). Or sending notifications that I think came from the OS/Gadgetbridge but come instead from evilapp.Maybe the functionality to install more apps onto the watch should only be possible from some apps or the browser with an extra programming PIN, and not from all apps from that (whitelisted) device.
I guess what I would love to see is some sort of threat model how the watch behaves and what is guaranteed to work and what isn't. What is the responsiblity of the user to secure and what isn't and what the guarantees in terms of isolation and security are.
Thanks in advance!
-
I'm not entirely sure what you're asking here - whether an app on the watch can influence your Android device via Gadgetbridge?
Not by default, no. What the app can do is very clearly defined. However if you enable
Intentsin Gadgetbridge's device options (it's off by default) then a malicious Bangle.js app could do a bunch of stuff on your phone.... But that's why it is off by default :)Maybe the functionality to install more apps onto the watch should only be possible from some apps or the browser with an extra programming PIN, and not from all apps from that (whitelisted) device.
If you turn 'Programmable:off' on the device then nobody can install apps unless you turn that back on. I think that's good enough security-wise...
I guess what I would love to see is some sort of threat model how the watch behaves and what is guaranteed to work and what isn't. What is the responsiblity of the user to secure and what isn't and what the guarantees in terms of isolation and security are.
You mean in terms of documentation? If you're concerned about what can be done on your Android device over Bluetooth via the Gadgetbridge connection, check out http://www.espruino.com/Gadgetbridge - it's all documented there
fanoush
Gordon
nicoboss-
Post a reply
About
Restrict Bluetooth to just Notifications for security
Posted by
@user141359
Hi,
I just received my Bangle.js 2 today. I have setup a different watchface. And setup mirroring of Android notifications by installing the Android app and the Gadgetbridge on the phone according to this guide:
https://www.espruino.com/Gadgetbridge
Now I want to lock down Bluetooth for security. So that I just get notifications over Bluetooth, but other than that the watch can't have apps installed / deleted or time or settings changed etc.
So I set "Settings - Bluetooth - Programmable" to Off.
But it seems like that also makes Gadgetbridge notifications not work any more. Is this working as intended?