I got a banglejs2 about a month ago and it's the best money I've spent on a watch ever. I've been lurking without an account here and seen several people talking about things like screen locks and ROM encryption could possibly be implemented.
One thing I would certainly praise bangle.js2 for is the fact if offers many ways to mitigate attacks on the device via Bluetooth/non physical access. This is not present in many devices on the market.
However, a notable attack vector seems to be physical access. I am still very new to bangle.js but have several questions.
What is stored on the watch from my phone, is it messages emails etc, I assume this is configurable?
Is there any kind of scope for physical access control (a pass code screen lock)/device encryption code?
Is there any kind of scope for wrist detection (such as on apple watches, the watch auto locks when removed)
What data would be accessible without such features/locks if my watch got stolen?
I have seen threads regarding secure boot (personally signed firmware/bootloaders). Is there truly any benefit to this if the device is unencrypted?
When is phone data/notifications removed from the bangle.js2? I assume the majority is not stored in volatile memory and therefore persists following a shutdown?
4 is my most pressing question. I mean, I'm not really bothered about a sophisticated attacker analyzing my watch, but I certainly am bothered about a thief stealing my watch and having access to a text from my friend saying my home address or similar sensitive data? Or, even a friend or stranger messing with the watch when unattended for a short period like at a coffee shop etc? Or someone just my data being accessible if I lose the watch.
Is there any way to have the same level of control over physical access as there clearly is for Bluetooth? From what I have read thus far it appears most of these options are currently possible due to hardware limitations. I wondered if any dev's had anything I mentioned on their roadmap, or is there something I am missing?
Espruino is a JavaScript interpreter for low-power Microcontrollers. This site is both a support community for Espruino and a place to share what you are working on.
I got a banglejs2 about a month ago and it's the best money I've spent on a watch ever. I've been lurking without an account here and seen several people talking about things like screen locks and ROM encryption could possibly be implemented.
One thing I would certainly praise bangle.js2 for is the fact if offers many ways to mitigate attacks on the device via Bluetooth/non physical access. This is not present in many devices on the market.
However, a notable attack vector seems to be physical access. I am still very new to bangle.js but have several questions.
4 is my most pressing question. I mean, I'm not really bothered about a sophisticated attacker analyzing my watch, but I certainly am bothered about a thief stealing my watch and having access to a text from my friend saying my home address or similar sensitive data? Or, even a friend or stranger messing with the watch when unattended for a short period like at a coffee shop etc? Or someone just my data being accessible if I lose the watch.
Is there any way to have the same level of control over physical access as there clearly is for Bluetooth? From what I have read thus far it appears most of these options are currently possible due to hardware limitations. I wondered if any dev's had anything I mentioned on their roadmap, or is there something I am missing?
Thank you to all the devs.