Why using Raspberry Pi devices could be a big security risk, and how to prevent it!
Numerous Linux and Raspberry Pi devices are now on the internet with just the default password as protection. Automated bots scan for susceptible devices using these default passwords, which are in the hands of hackers. Installing malware is a simple process once they’ve located them.
According to a recent Bulletproof threat assessment, the most frequent default passwords are “knockknockwhosthere,” “nproc,” “1,” “x,” “1234,” “123456,” “root,” and “raspberry.”
An attack target that is easy to reach
“The default credentials for the Raspberry Pi (un:pi/pwd:raspberry) are included.” There are more than 200,000 Raspberry Pi computers on the internet, making them an attractive target for cybercriminals. On Linux computers, we may also observe what seems to be credentials (pwd:nproc/un:nproc). According to Brian Wagner, Chief Technology Officer of Bulletproof, “This underlines a critical problem – default credentials are still not being altered.”
How to protect your Pi and your network?
The best solution is to change the default login to keep your system secure. With the recent update, Raspberry Pi OS prompts users to set up a new password right after installation. However, if you still haven’t changed your password, this is how you do it.
- You can log in using the default username: “pi” and the default password: “raspberry”.
- After logging in, use the passwd command to change your password instantly.
- Open the command line, type passwd, and press “Enter.”
- You’ll get asked to enter your current password for verification.
- After verification, you can type in your new password and press “Enter.”
- Once you’ve successfully verified your password, it’ll get applied right away.
Note:
You’ll not be able to see any characters on the display while entering the password. So, don’t panic; just type in your password and press “Enter.”
Read more: https://bestgamingpro.com/using-linux-with-raspberry-pi-devices-is-a-big-security-risk/
Secure your Raspberry Pi by enabling automatic software updates
Another great step to take to ensure your security online is to keep the software on your devices up to date and install any software updates that come out. “This advice doesn’t just apply to your computers and phones, but also internet of things devices like a Raspberry Pi or BeagleBone Black. Luckily this is an easy process with the help of one important software package. In Raspbian and other Debian-based Linux systems, the unattended-upgrades package automates the process of downloading and installing software updates on your system. You can configure it to either download only security updates or also download general software updates and it will run silently in the background keeping your software up to date. Here’s how to install it on a Raspberry Pi.”
Installing unattended-upgrades
We’ll be working from the terminal, so start a shell if you aren’t already working from the command line.
To install unattended-upgrades on your system, all you need to do is install it using apt:
sudo apt-get update
sudo apt-get install unattended-upgrades
These commands will install unattended-upgrades, but it still needs to be tested and enabled before it can be used.
Testing unattended-upgrades
Once you’ve installed unattended-upgrades, it’s a good idea to test that everything is working using a dry run. This will check for software which can be updated but will stop short of actually downloading and installing any updates.
To trigger a dry run, type the following:
sudo unattended-upgrade -d -v --dry-run
In the output, you’ll see your system connect to the package servers, download the latest versions of all your packages, and then if updates are available for your system they’ll be listed here. The most important thing to look for is the absence of any errors. If you’re getting errors now, you’ll need to diagnose what’s preventing this from working before proceeding.
Enabling unattended-upgrades
Lastly, to enable unattended-upgrades so it automatically runs on your system, type:
sudo dpkg-reconfigure --priority=low unattended-upgrades
You’ll be presented with a confirmation screen that you want to enable automatic software updates. Select Yes to proceed.
After that you’re good to go.
From now on your Raspberry Pi will automatically download and install the latest software updates as they become available.
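To confirm that the setting took effect, you can read back the APT periodic configuration. This is an added example, not part of the original article; it assumes the settings are in /etc/apt/apt.conf.d/20auto-upgrades (the file the reconfigure step writes on Debian-based systems), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check whether APT's periodic settings enable automatic upgrades.
# Function names and the sample file are illustrative assumptions.

# periodic_value FILE KEY: print the last value assigned to APT::Periodic::KEY,
# or 0 when it is unset. Lines commented out with // are ignored.
periodic_value() {
    awk -v key="APT::Periodic::$2" '
        /^[[:space:]]*\/\// { next }
        $1 == key { v = $2; gsub(/[";]/, "", v); val = v }
        END { print (val == "" ? "0" : val) }
    ' "$1"
}

# auto_upgrades_enabled FILE: succeed only if both the package-list refresh
# and the unattended upgrade run are switched on (non-zero interval).
auto_upgrades_enabled() {
    [ -r "$1" ] || { echo "not readable: $1"; return 1; }
    lists=$(periodic_value "$1" Update-Package-Lists)
    upgrade=$(periodic_value "$1" Unattended-Upgrade)
    if [ "$lists" != "0" ] && [ "$upgrade" != "0" ]; then
        echo "enabled"
        return 0
    fi
    echo "disabled (Update-Package-Lists=$lists, Unattended-Upgrade=$upgrade)"
    return 1
}

# Constructed sample: what the file looks like after answering Yes.
sample=$(mktemp)
cat > "$sample" <<'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
EOF
auto_upgrades_enabled "$sample" || true
rm -f "$sample"

# On the Pi itself:
#   auto_upgrades_enabled /etc/apt/apt.conf.d/20auto-upgrades
```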
Setting up a Firewall on your Raspberry Pi
Need to take it another step further? A critical part of maintaining the network security of your Raspberry Pi is to make use of a firewall.
A firewall is used to block or allow incoming connections to your device. This will enable you to stop outside users from accessing it. One of the easiest ways of setting up and configuring a firewall is by using UFW.
By default, most firewalls will block all inbound traffic for any port that hasn’t been explicitly opened.
1. Before you begin, make sure you have UFW installed on your Raspberry Pi.
You will find that UFW makes your life easier when dealing with the firewall.
2. Next, we need to open up the SSH port. Otherwise, we won’t be able to access the Raspberry Pi over SSH.
For the SSH port, we can use the limit functionality within UFW.
Limiting the connection will reduce the ability of someone trying to brute force your SSH connection while still allowing access.
sudo ufw limit 22/tcp
3. If you are using your Raspberry Pi to host something like an NGINX or Apache web server, then there are a couple more ports you need to open.
We can open up the HTTP (80) and HTTPS (443) ports by running the following commands.
sudo ufw allow 80
sudo ufw allow 443
4. Once you have configured your firewall, you can switch it on by using the command below.
sudo ufw enable
If you want to configure UFW further, be sure to check out this guide on that.
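Once the firewall is on, it is worth checking that the active rule set matches what you intended. This is an added example, not part of the original article: it audits the text printed by sudo ufw status against the rules from steps 2 to 4, and the function name and sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `ufw status` output against the rules from the steps above.
# The function name and sample output are constructed for illustration.

# audit_ufw: read `ufw status` text on stdin, print findings, and return
# non-zero unless the firewall is active, 22/tcp is rate-limited, and the
# only ALLOW rules are for ports 80 and 443.
audit_ufw() {
    awk '
        /^Status:/ { active = ($2 == "active") }
        {
            port = $1
            # IPv6 rows carry a "(v6)" tag between the port and the action.
            action = ($2 == "(v6)") ? $3 : $2
        }
        action == "LIMIT" && port == "22/tcp" { ssh_limited = 1 }
        action == "ALLOW" && !seen[port]++ {
            if (port ~ /^22(\/tcp)?$/) {
                print "WARN: SSH is allowed without rate limiting"; bad = 1
            } else if (port !~ /^(80|443)(\/tcp)?$/) {
                print "WARN: unexpected open port " port; bad = 1
            }
        }
        END {
            if (!active) { print "FAIL: firewall is not active"; bad = 1 }
            if (!ssh_limited) { print "WARN: no LIMIT rule for 22/tcp"; bad = 1 }
            if (!bad) print "OK"
            exit (bad ? 1 : 0)
        }
    '
}

# Constructed sample of `ufw status` after steps 2 to 4.
sample='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     LIMIT       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
22/tcp (v6)                LIMIT       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)'
printf '%s\n' "$sample" | audit_ufw || true

# On the Pi itself:  sudo ufw status | audit_ufw
```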
Conclusion
We’ve looked at the steps you can take to avoid security threats affecting your Raspberry Pi. It’s important to combine this information with an awareness of the active threats to popular Pi projects. Vulnerabilities in retro gaming emulators and media centers don’t have to be targeted at the Raspberry Pi to affect you. The same goes for web hosting and blogging software. As such, stay aware of the risks.