Since its initial release in February 2012 the Raspberry Pi – a very inexpensive, palm-sized computer meant to help teach computer science in schools – has become a favorite of hobbyists, makers, and tech enthusiasts everywhere. Why wouldn’t it be? The Raspberry Pi offers tinkerers a very low-cost (both to buy and to run) computer in an extremely compact platform. In addition, because of its origins as an educational tool, it’s easy to use and is versatile. Accordingly, it can be used in all sorts of creative ways.
However, its apparent simplicity and low cost come with a downside. The Raspberry Pi is not a simple “device” with limited capabilities; it is a fully capable computer. The same pitfalls that befall normal desktop computing can hit the Raspberry Pi if it is not properly secured.
Some uses of the Raspberry Pi actually turn it into a server, and that is something users may not really know how to secure. For example, some people have made the Raspberry Pi into a server that controls their home automation system, or that lets users remotely watch videos served by the Pi.
For many uses of the Raspberry Pi, security isn’t much of a concern: it will never be online or even exposed to external input that could be used as an infection vector. The trouble comes when it is used online, particularly as a server, where it’s at potential risk. For example, some automated scanners are already trying to log in as the pi user.
In short, the Raspberry Pi is only as secure as the uses you put it to. Good server security is not always easy; consider that even IT professionals make mistakes. If you do use a Raspberry Pi as a server, look into known server best practices. Considering its origin as an educational tool, learning how to secure a server would be an appropriate use for a Raspberry Pi. You can also check out the infographic we’ve made about this issue here.
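The automated login attempts against the pi user mentioned above are visible in the SSH daemon's log. The following is an added example, not part of the original post: it scans sshd log lines for that account and flags a password login from an address that had failed earlier. The log lines are constructed samples using documentation IP ranges, and the function name `audit_account` is hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the OpenSSH sshd syslog format (documentation IPs).
SAMPLE_LOG = """\
Mar  3 02:14:07 raspberrypi sshd[1412]: Failed password for pi from 203.0.113.5 port 51234 ssh2
Mar  3 02:14:09 raspberrypi sshd[1412]: Failed password for pi from 203.0.113.5 port 51234 ssh2
Mar  3 02:14:30 raspberrypi sshd[1420]: Invalid user admin from 198.51.100.23 port 40022
Mar  3 02:15:02 raspberrypi sshd[1431]: Failed password for invalid user pi from 198.51.100.23 port 40110 ssh2
Mar  3 02:16:44 raspberrypi sshd[1440]: Accepted password for pi from 203.0.113.5 port 51301 ssh2
Mar  3 08:01:12 raspberrypi sshd[1502]: Accepted publickey for pi from 192.0.2.10 port 60522 ssh2
"""

# sshd writes "invalid user" when the named account does not exist on the host.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def audit_account(log_text, user="pi"):
    """Summarise SSH logins for one account: failures per source address,
    accepted password logins, and addresses that failed and then got in."""
    failures = Counter()
    password_logins = []
    guessed = set()
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m or m["user"] != user:
            continue
        if m["result"] == "Failed":
            failures[m["ip"]] += 1
        elif m["method"] == "password":
            password_logins.append(m["ip"])
            # A success after earlier failures suggests the password was guessed.
            if failures[m["ip"]]:
                guessed.add(m["ip"])
    return {"failures": dict(failures), "password_logins": password_logins,
            "guessed": sorted(guessed)}

if __name__ == "__main__":
    report = audit_account(SAMPLE_LOG)
    for ip, n in report["failures"].items():
        print(f"{n} failed login(s) for 'pi' from {ip}")
    for ip in report["guessed"]:
        print(f"ALERT: password login for 'pi' from {ip} after failed attempts")
```

Key-based logins are left out of the alert on purpose, since a guessed password is the case the scanners are aiming for.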