Raspberry Pi has made major changes to enhance security

Raspberry Pi has made changes to the operating system Raspberry Pi OS to remove the default username and password.

Previously, the default username and password for small computers were “pi” and “raspberry”, respectively. This has made it easier to set up new Pi devices, but it could also easily hack popular Internet-connected devices by remote attackers. Use techniques such as password spray..

“In the past, every installation of the Raspberry Pi OS had a default user of” pi “. This is not that weak. If someone wants to hack you, just knowing a valid username doesn’t help much. system. They also need to know your password and have some form of remote access enabled in the first place. ” Simon Long, Senior Engineer at Raspberry Pi Trading, explains..

“Still, it may make brute force attacks slightly easier. In response, some countries have introduced legislation that prohibits devices connected to the Internet from having default login credentials. doing.”

The United Kingdom, for example, plans to introduce new regulations such as: Prevent manufacturers of Internet of Things (IoT) devices from shipping them to consumers using default usernames and passwords.. The UK’s National Cyber ​​Security Center (NCSC) has approved the Product Security and Telecommunications Infrastructure (PSTI) bill as people become more dependent on devices connected to the Internet due to the pandemic.

According to Long, the latest release of the Raspberry Pi OS removes the default “pi” username, and a new wizard requires users to create a username on the first launch of a newly flashed Raspberry Pi iOS image. But he also states that not all existing documents are consistent with the new process.

“This is consistent with the behavior of most current operating systems, and although some issues may occur if the software (and documentation) expects the presence of a” pi “user, It feels like a wise change to make at this point. “He points out.

Still, the wizard process is required to set up the desktop, so users may need to make some changes when setting up a new Raspberry Pi device.

“Because this is how to create a user account, the wizard operation is no longer an option. You will not be able to log in to the desktop until you have created a user account. Therefore, instead of running as an application on the desktop itself as before. In addition, the wizard now runs in a dedicated environment on first boot. “

The main difference is that previous users were prompted to enter a new password. The user is now prompted for a username and password.

On the Raspberry Pi, users can still set their username to “pi” and their password to “raspberry”, but they get a warning that it’s unwise to choose the default.

“Some software may require a” pi “user, so it’s not entirely authoritarian about this. However, it is highly recommended to choose something else, “Long says.

Raspberry Pi sales surged at the beginning of the pandemic as consumers sought cheap home computing devices. However, the Raspberry Pi is currently facing supply constraints due to a global chip shortage. This week, even Raspberry Pi chief Upton admitted that resellers are out of stock.

“Demand for raspberry pie products has risen sharply since the beginning of 2021, and supply constraints have prevented us from flexibly responding to this demand. As a result, backlogs for almost all products are significant. As a result, many resellers have their own backlog and fill it when they receive the stock from us. ” Upton said.. Raspberry Pi has made major changes to enhance security

Back to top button