[BJv2] Security features- physical access?

Hi,

What is stored on the watch from my phone, is it messages emails etc, I assume this is configurable?

• the contents of any notifications on your phone's screen. By default these also get deleted as soon as you disconnect from your phone. So not full emails or anything like that.
  
• the current weather
  
• what music is playing if you were playing anything on your phone
  
• any alarms set in Gadgetbridge (I don't think this syncs with phone alarms)
  
• If enabled, Calendar entries for the next few days are synced too with the first few hundred chars of the entry. That's probably the biggest privacy issue.
  
  

It would be pretty straightforward to have an option that deleted your calendar when your phone bluetooth connection dropped, which would solve that issue though.

Is there any kind of scope for physical access control (a pass code screen lock)/device encryption code?

No - it's been discussed, but it's a bit of a minefield. For instance a 6 digit pin code might be considered a lot - you could encode everything you store in flash memory with that, right?

Once the encoded contents were out of the watch's memory, how long do you think it'd take them to brute-force all 1000000 pin codes by running it against an emulated Bangle.js to see if it boots? Once the code was written, it'd be maybe an hour.

I feel like a lot of big companies are going to rely on some obscurity - either a hidden key in the chip for encoding, or making the memory impossible to read out with custom silicon. But that's completely at-odds with making an open, hackable watch where everyone can see all the firmware :(

Sure, we could make it more difficult to get the data, but if there's one thing I've learnt it's that for the people that care about this, they will never be happy if there's any chance of their data being accessed so I'd rather not even try, and just say that any info stored on the watch should be considered potentially at risk.

Is there any kind of scope for wrist detection (such as on apple watches, the watch auto locks when removed)

The HRM can detect if it's against a surface, so that could be useful although not foolproof.

What data would be accessible without such features/locks if my watch got stolen?

You've got to assume basically anything could be read out by someone sufficiently intelligent.

• I have seen threads regarding secure boot (personally signed firmware/bootloaders). Is there truly any benefit to this if the device is unencrypted?
  
  

No, I don't think so. If you have physical access to the device, you can physically unsolder the flash chip and stick it in a programmer.

• When is phone data/notifications removed from the bangle.js2? I assume the majority is not stored in volatile memory and therefore persists following a shutdown?
  
  

Yes, it's stored in flash - but as above when bluetooth disconnects messages are removed. however Bangle.js uses a journalling filesystem, so if you were sufficiently clued up you could still dig it out of memory unless require("Storage").compact had been called.

I should add here that there's nothing built into the Bangle.js low-level firmware that stores messages in flash, it's all JS - in fact as far as I know, when a message is received it's stored in RAM, and if your clock supports fast load the message is kept in RAM (and not written) and the messages app is loaded. If the message is acknowledged at that point, it'll be removed, and at no point will be message have been stored in volatile memory.

If you were willing to potentially lose messages, you could just delete the relevant line that writes the message (https://github.com/espruino/BangleApps/blob/master/apps/messages/lib.js#L140) - or even just paste require("messages").write = function(){}; into the Custom Boot Code app, and then no messages would ever get written to volatile memory.