Raspberry Pi boards are single-board computers whose low cost has made them popular for a wide variety of technology projects. Computer security experts have now discovered vulnerabilities, so you should change your password as soon as possible.
Users running Raspberry Pi or Linux should immediately change their default passwords, according to a report from cybersecurity vendor Bulletproof.
Danger with Raspberry Pi passwords
Bulletproof deployed a series of honeypots in the cloud and spent 37 days analyzing how threat actors and hackers behaved against them.
Among the findings, 70% of web traffic was made up of bots, and default credentials were the passwords criminals most commonly tried when attempting to get into systems and devices.
These same security researchers indicate that there are more than 200,000 computers on the Internet running the Raspberry Pi system. Among the top failed login attempts with default credentials targeting honeypots, the Linux username and password “nproc” ranked second, and the combination of “pi” and “raspberry” came in eighth.
Note that the Raspberry Pi operating system uses a default password. “Raspberry Pi OS ships with default credentials (user: pi and password: raspberry) very easy for hackers. What this tells us is that even default passwords are not changed,” the report states.
Anyone who knows these credentials could gain access to a Raspberry Pi with elevated permissions.
“A target for a cyber attack could be as simple as an office screen running the Raspberry Pi operating system. Hackers will generally focus their attention on easy targets first, and Raspberry Pi devices are cheap, easy to set up, have benefits out of the box, and will most likely connect via VPN or WiFi. If misconfigured, they increase the attack surface, risking hackers taking full operational control and exposing sensitive areas of the business.”
Change default passwords
Although this study focused on Raspberry Pi and Linux, many other devices we use every day, such as the router, are also left running with default passwords.
When it came to brute force attacks, among the most common passwords used by attackers were “1”, “admin”, “admin123” and “PASswoRD”, according to the Bulletproof report.
A good password for any device should be personalized rather than the one that comes by default, and it should be long and include letters (both uppercase and lowercase), numbers and other special symbols.
It should always be generated randomly and never reused elsewhere, so that one password discovered by cybercriminals or hackers does not set off a domino effect.
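To see whether a device is receiving the kind of default-credential login attempts the honeypots recorded, its SSH log can be checked for the account names named in the report. The following is an added example, not code from Bulletproof or the original article; the log lines are constructed samples in OpenSSH's sshd format, and the function name `audit` and the alert rule are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Account names the report saw in default-credential login attempts.
DEFAULT_USERS = {"pi", "nproc"}

# Constructed sample in OpenSSH sshd log format (documentation IP ranges).
SAMPLE_LOG = """\
May 10 03:12:01 raspberrypi sshd[811]: Failed password for invalid user nproc from 203.0.113.5 port 51234 ssh2
May 10 03:12:04 raspberrypi sshd[811]: Failed password for pi from 203.0.113.5 port 51240 ssh2
May 10 03:12:09 raspberrypi sshd[815]: Accepted password for pi from 203.0.113.5 port 51251 ssh2
May 10 08:30:44 raspberrypi sshd[902]: Failed password for invalid user oracle from 198.51.100.7 port 40022 ssh2
May 10 09:01:13 raspberrypi sshd[950]: Accepted publickey for alice from 192.0.2.10 port 50111 ssh2
"""

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def audit(log_text):
    """Return (failed, alerts): failed default-account attempts per source IP,
    and password logins to a default account that followed such failures."""
    failed = defaultdict(int)
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["user"] not in DEFAULT_USERS:
            continue  # not an sshd auth line, or not a default account name
        prior = failed.get(m["ip"], 0)
        if m["result"] == "Failed":
            failed[m["ip"]] = prior + 1
        elif m["method"] == "password" and prior > 0:
            # A password login after failures from the same source is consistent
            # with guessing; the log never records the password that was tried.
            alerts.append((m["user"], m["ip"], prior))
    return dict(failed), alerts

if __name__ == "__main__":
    failed, alerts = audit(SAMPLE_LOG)
    for ip, count in failed.items():
        print(f"{ip}: {count} failed attempts on default account names")
    for user, ip, count in alerts:
        print(f"ALERT: password login as {user} from {ip} after {count} failures")
```

An alert means a default account accepted a password from a source that had just been failing logins, which is the point at which that account's password should be changed and its recent activity reviewed.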