Is your Raspberry Pi safe? Of course it is. But is it really safe? Is the data on it safe? Can the project be turned against you?
Now you’re thinking.
Previously, we discussed the steps that need to be taken to secure your Pi, but do you understand why? Are you sure you know what’s in danger?
If your Raspberry Pi is online at some point while developing or using your latest project, you need to be aware of these possibilities.
1. Your device is the target
You can have different purposes for your Raspberry Pi. It doesn’t matter. At this point, just understand one thing: it’s a target, just like any connected device.
Look, this shouldn’t come as a surprise. While the chances of any major worm or ransomware infecting your Pi are low (Linux is perfectly protected against malware), there are other considerations here. We are not really talking about viruses, worms or other malware. Rather, the risks are associated with targeted attacks by threat actors with a specific goal.
Usually this goal includes personal gain, although it can be more destructive. This does not mean that traditional malware will never be used: software running on the Pi could be vulnerable, and the device could potentially be used as part of a botnet.
So it could be something that affects a media center project or a game project. More worryingly, it could be an attack that threatens a Raspberry Pi smart home project. Everything you do with your Raspberry Pi is truly a target.
In fact, even if your Raspberry Pi project is offline, it can be targeted. We’ll come back to this in a minute, but first…
2. Does your Pi need to be online?
It’s almost a reflex action: when your Pi’s operating system is installed, you plug it into your local network. Indeed, if you installed the OS using the NOOBS tool it might even be connected already.
And then there’s the Raspberry Pi 3 and Pi Zero W with built-in wireless networking. Although these devices do not automatically connect to your network, the capability is already there, ready and waiting. But does your Raspberry Pi really need to be connected to the network?
Of course, if you use it as a media center or as a retro gaming device then some network access is probably needed. And you may want to establish an SSH connection to send instructions, or to install software on the Pi for your current project.
But if there is no need for a network connection, then you can keep the Pi offline.
3. Is SSH completely secure?
These days, the Raspberry Pi’s main operating system, Raspbian Stretch, comes with SSH disabled. (Enabling it is simple: just create a text file with no extension called "ssh" in the SD card’s boot directory.)
It is likely that you have enabled SSH at some point. But is it safe?
First, you should have changed the default username and password for your Pi. Without this, anyone can remotely connect to your Pi via SSH. It doesn’t take long to log in with the default credentials. An intruder can even change the username and password so you never connect to your Pi again!
You can further tighten SSH by restricting logins by username. This is done in the sshd configuration file. Open it in nano with:
sudo nano /etc/ssh/sshd_config
At the end of the file, add this line:
AllowUsers [your_username] [another_username]
Press Ctrl + X to exit, saving the changes. After that, restart the SSH service:
sudo systemctl restart ssh
Note that you can use the DenyUsers directive in the same way to explicitly block SSH connection attempts from named users. However, for best results, disable SSH in the Raspberry Pi setup tool when it is not needed.
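To check a configuration against the advice in this section, the shell function below audits an sshd_config file for an AllowUsers line and for the default pi account. It is an added example, not part of the original article; the function name and the sample files are made up for illustration, and Match blocks and Include files are not evaluated.

```shell
#!/bin/sh
# Added example: audit sshd_config for the AllowUsers/DenyUsers advice above.
# Simplification: "Match" blocks and Include files are not evaluated.

# Print one WARN line per finding; return 1 if there were findings, else 0.
audit_sshd_users() {
    awk '
        $1 ~ /^#/ || NF == 0 { next }        # skip comments and blank lines
        { key = tolower($1) }                 # sshd keywords are case-insensitive
        key == "allowusers" || key == "denyusers" {
            for (i = 2; i <= NF; i++) {
                user = $i; sub(/@.*/, "", user)   # entries may be user@host
                if (key == "allowusers") { allow = 1; if (user == "pi") pi_allowed = 1 }
                else if (user == "pi") pi_denied = 1
            }
        }
        END {
            if (!allow) { print "WARN: no AllowUsers line; any account with a valid login can use SSH"; bad = 1 }
            if (pi_allowed && !pi_denied) { print "WARN: default user pi is on the AllowUsers list"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample configs (not taken from a real device).
tmpdir=$(mktemp -d)
printf '%s\n' '# stock-style config' 'PermitRootLogin no' > "$tmpdir/weak"
printf '%s\n' 'PermitRootLogin no' 'allowusers alice bob@192.168.1.*' 'DenyUsers pi' > "$tmpdir/hardened"

for f in weak hardened; do
    echo "== $f =="
    audit_sshd_users "$tmpdir/$f" && echo "OK: SSH logins are restricted by username"
done
# On the Pi itself: audit_sshd_users /etc/ssh/sshd_config, then run "sudo sshd -t"
# to syntax-check the file before "sudo systemctl restart ssh".
```

Checking the file with sshd -t before restarting the service avoids locking yourself out with a typo in the AllowUsers line.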
4. Can your Raspberry Pi be physically accessed?
Another risk to consider is the physical location of your Pi. After all, it’s not just about remote access: someone with physical access to your Raspberry Pi could be potentially dangerous, especially if the device is already connected to your wireless network.
With default credentials set, an attacker can easily use the Pi to log into your home network. Chaos may follow.
The way you use your Pi can betray its location in your home. For example, a Kodi media center (using OSMC, LibreELEC, or other software) is likely to be found next to your TV. The same goes for the game center. You know this, as does the would-be thief.
That’s not even taking into account what your Pi is used for. A Raspberry Pi used as a NAS could be attached to some valuable data. If it is not kept strictly out of sight, you may find that the data disappears quite suddenly. The same goes for using your Pi as a router or hardware firewall. Allowing physical access to a device used in this way can potentially open you up to many attacks. All that is needed is to replace the SD card with one running a similar project but configured to the hacker’s specification.
5. What projects are running on your Raspberry Pi?
Physical and digital risks combined can potentially destroy your security when it comes to the Internet of Things. Smart home projects using the Raspberry Pi can be damaged, destroyed, or simply undermined without the right attitude to security.
There is probably no situation in which you want your device to be controlled by a stranger. For example, projects that use NFC to unlock drawers or doors can be hacked using known vulnerabilities in NFC.