We recently got our site (www.SiliconDroid.com) SSL-OV certified. It involved having a local registered lawyer who knows us write an “opinion letter” proving that we are a legitimate registered company (Silicon Droid Inc.).
What exactly is OV SSL? Here it’s explained by Sectigo:
“Organization Validation (OV) SSL certificates provide an extra level of online trust by authenticating the business identity and legitimacy. Organizations must prove it owns the domain name it wishes to secure and confirm that it is a legally registered business. This extra level of confirmation makes OV SSL certificates an ideal option for public-facing websites representing companies and organizations as well as sites requesting money or information from users, such as e-Commerce.”
You can audit our certificate yourself; just click the padlock icon in your browser’s address bar to view the certificate information.
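The same check can be scripted. The following is an added example, not code from Silicon Droid or Sectigo: it classifies a certificate as DV, OV or EV from the subject fields Python's `ssl` module returns. The sample certificates and the names `validation_level`, `subject_fields` and `fetch_cert` are constructed for illustration.

```python
import socket
import ssl

# Subject attribute names as Python's ssl module reports them in getpeercert().
EV_MARKERS = {"businessCategory", "jurisdictionCountryName", "serialNumber"}

def subject_fields(cert):
    """Flatten getpeercert()'s nested RDN tuples into a {name: value} dict."""
    return {name: value for rdn in cert.get("subject", ()) for name, value in rdn}

def validation_level(cert):
    """Classify a certificate as DV, OV or EV from its subject fields.

    Heuristic: DV subjects carry no organizationName; EV subjects additionally
    carry business registration attributes. The authoritative signal is the
    certificate-policies OID, which getpeercert() does not expose.
    """
    fields = subject_fields(cert)
    if "organizationName" not in fields:
        return "DV"
    if EV_MARKERS.issubset(fields):
        return "EV"
    return "OV"

def fetch_cert(host, port=443, timeout=5.0):
    """Fetch and verify the server certificate (needs network access)."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed samples in getpeercert() format (not real certificates).
SAMPLE_DV = {"subject": ((("commonName", "shop.example"),),)}
SAMPLE_OV = {"subject": (
    (("countryName", "CA"),),
    (("stateOrProvinceName", "Ontario"),),
    (("organizationName", "Example Widgets Inc."),),
    (("commonName", "www.example.com"),),
)}

if __name__ == "__main__":
    for label, cert in (("dv sample", SAMPLE_DV), ("ov sample", SAMPLE_OV)):
        org = subject_fields(cert).get("organizationName", "-")
        print(f"{label}: {validation_level(cert)} organization={org}")
```

For a live site, pass the result of `fetch_cert(host)` to `validation_level` and compare the reported organization name with the legal entity you expect.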
The firmware for the watch is 99% written. However, we are currently migrating the whole codebase from ‘platform-io’ to the ‘esp-idf’ toolchain. After this migration we will have better and easier maintenance of the codebase, and also an easier time generating over-the-air update binaries in the future. This migration will set us back a week or two. We are still looking at a 2021 release date though, stay tuned.
People have been asking (rightly so) why they should trust us with their IOTAs. After all, we are not members of the IOTA Foundation.
“Perhaps the IOTA Watch is unsafe, perhaps it is a scam and it does not generate truly random seed words. Such a scam would be fairly easy to implement and hide in the watch because the watch’s firmware is stored in encrypted flash memory. Or it could be programmed to randomly hijack high-value IOTA sends in the future, sending them to a Silicon Droid collecting address etc.”
Anyone is correct to be cautious; in fact, be paranoid: this is crypto and it is relatively unregulated. However, it is still regulated to some degree and IOTA is traceable. IOTA has already been targeted by a seed scammer who now stands trial after being caught.
If we were to attempt a theft of IOTAs from one or more of our IOTA Watches then we would have to do it without being caught. It would be impossible to steal any IOTAs without the user noticing something was wrong. We are an incorporated Canadian business and this website has organizational level SSL certification. The Canadian police would immediately find a SiliconDroid Inc. shareholder or our passports would be flagged and Interpol would be notified.
We choose (like Ledger) to keep the firmware closed source and encrypted. We do this to prevent second-hand IOTA watches being “backdoored” and sold on, or even new backdoored IOTA watches appearing, as the blank watch hardware can be purchased from China. Such a backdooring event would damage our reputation and brand.
Having said all of this, remain cautious. Treat the IOTA watch as you would a spending cash wallet, not a bank vault; after some years our reputation and trust will increase. The most secure method to store larger crypto amounts is on distributed paper wallets; split your 24-word list into 2 x 12-word lists and keep each list half at a different trusted location.
Even if you choose to be super cautious, and not use the wallet function, the IOTA Watch can still be useful for you:
- Monitor one or more IOTA addresses in real time; the watch gives you alerts when the sum IOTA value changes.
- Monitor any IOTA node in real time; the watch gives you alerts if the node becomes unhealthy.
- Monitor IOTA price and charts in real time; the watch gives alerts on price and rank changes.
Be careful… “It’s a jungle out there!”
The watch’s firmware is pretty much fully tested and nearly ready to ship. We are working only part time at the moment, taking advantage of the summer’s warmth before the long Canadian winter. Things still to do:
- Add the fourth (and final before release) front watch face option. This is the address monitor, allowing you to monitor the IOTA value sum of any one or more addresses from your own receiving addresses and/or your contacts’ addresses. You get audio alerts if the value goes up or down.
- Finish developing and testing the secure OTA (over-the-air) update function. OTA enables you to update your watch’s firmware securely with the tap of a button when an update is available, just like you do with your mobile phone.
- Obtain language files for French, Italian, Spanish. We already have English and German.
- Create a PDF instruction manual for the watch (English only).
- Look at ways to accept IOTA as a form of payment in our WooCommerce shop.
The tentative estimated release date is now September 2021.
We’ve deployed an IOTA Hornet node.
Hardware: 4*CPU, 8 GB RAM, 160 GB SSD
The entire IOTA Watch firmware is written in C++ for efficiency and speed. Our source code (45,000 lines) obeys best OOP practices of abstraction and encapsulation. We take our time to write good embedded code: code that does not leak memory, code that can run in 320kb of RAM without any heap corruption. It even looks pretty. For the end user it simply means a stable system.
Here’s a screenshot of some of our source code, because it also looks tidy 🙂 :
The new version of the ESP32 system on chip is secure; it has fixed the fault injection vulnerability found on earlier versions. Here’s what Espressif says about it:
Fixed Fault injection issues regarding secure boot and flash encryption are fixed.
Reference: Security Advisory concerning fault injection and eFuse protections (CVE-2019-17391) & Espressif Security Advisory Concerning Fault Injection and Secure
The IOTA Watch was slow to get HTTPS data from any server during the first call and connection to the server. This has been fixed and reading over HTTPS now happens very quickly. The fix involved migrating to a new ESP32 library, namely WiFiClientSecure. What does this mean for the end user? It means that you don’t have to wait multiple seconds when your watch makes first contact with an IOTA node; it connects instantly (<1 second).
Currently writing the contact book menu for the watch. Here users will be able to send IOTAs to, view, add and delete contacts. A contact will consist of a user name and an IOTA address.