Ready, Set, Get Hacked! Security and Raspberry Shake

Warning

Do not get hacked! CHANGE YOUR SSH passwords! Your Raspberry Shake Personal Seismograph is an IoT device running a Debian operating system. This means it can be hacked, so take steps to protect it. You can start by changing the ssh passwords from the defaults we ship the units with. For Linux power users, we recommend using ssh keys; they are far more secure than passwords.

All communication on the Raspberry Shake personal seismograph is run through the Raspberry Pi computer’s Debian OS.

The Raspberry Shake team has specifically constructed the system so as to minimize all possibilities of break-ins and takeovers:

  • Login access via root user is disabled

  • All programs involved with GUI display have been removed from the system, including X11 itself and browsers

  • Because the browsers are not there, inadvertent downloading of malware is significantly reduced (unlike any normal computer running a browser)

  • The program responsible for sending data to the Raspberry Shake Data server (if the unit is configured to do this) makes the connection from inside the Pi box to the server, i.e., no communication with the individual unit is initiated, or occurs, from the outside.

To further lock down the computer, we encourage the end-user to implement ssh keys, thus making access to the unit only possible from another specific computer. With ssh keys implemented, access from the outside is very difficult if not impossible. In fact, because of the special care we have taken in this regard, we think that when the Shake is placed onto any type of local network and is additionally locked down with ssh keys, it will be one of the most secure computers on the network; it is not less secure merely because it is an IoT device or because it is some model of Raspberry Pi.

The recent stories of IoT break-ins and takeovers all resulted from a delivery of the unit by the manufacturer with default usernames and passwords that never got changed, as well as the fact that no instructions were provided in terms of how to lock down the unit, leaving the end-user and the Internet itself exposed. The Raspberry Shake very much does not fall into this category.

How to change your ssh password

Open the Raspberry Shake’s webpage at http://rs.local/, click on the Actions gear icon and navigate to Actions icon >> ACTIONS >> CHANGE SSH PASSWORD

Username: myshake

Default ssh password: shakeme

Note

Power users will notice that we have disabled login/ssh via root.

Changed the password? Write it down!!!!! (and not on the back of your hand! That washes off ;)

Oops! I forgot my ssh password

Our lives are a tangled mess of passwords. If you forgot your ssh password, you have two options: 1) burn a new SD card image. See microSD card topics for instructions; or 2) follow the instructions below.

  1. Power off your Raspberry Pi

  2. Remove the SD card and plug it into a Linux computer (or any OS that recognizes ext3/4 fs).

  3. Edit these files:

    /yourmountpoint/etc/shadow
    /yourmountpoint/etc/shadow-
    

The contents of these files should look like:

    uucp:*:17067:0:99999:7:::
    proxy:*:17067:0:99999:7:::
    www-data:*:17067:0:99999:7:::
    backup:*:17067:0:99999:7:::
    list:*:17067:0:99999:7:::
    irc:*:17067:0:99999:7:::
    gnats:*:17067:0:99999:7:::
    nobody:*:17067:0:99999:7:::
    systemd-timesync:*:17067:0:99999:7:::
    systemd-network:*:17067:0:99999:7:::
    systemd-resolve:*:17067:0:99999:7:::
    systemd-bus-proxy:*:17067:0:99999:7:::
    messagebus:*:17067:0:99999:7:::
    avahi:*:17067:0:99999:7:::
    ntp:*:17067:0:99999:7:::
    sshd:*:17067:0:99999:7:::
    statd:*:17067:0:99999:7:::
    dnsmasq:*:17113:0:99999:7:::
    myshake:$6$hvlGSaAC$8PhXPPbX8B4IkIqH3nIf7HZncYeSSrogAKgO6Y2euYTDDs6gZQWmGqizrNHjiEVJH9ahN1Nmes1vmuB/GZdAN.:17123:0:99999:7:::
    avahi-autoipd:*:17124:0:99999:7:::

  4. In the myshake line, change the password hash (the string between the first and second colons) to:

    $1$sdM0vfNB$ZQBLXqyXoLj02DQWfftyl1
    

Now the files should look like:

    uucp:*:17067:0:99999:7:::
    proxy:*:17067:0:99999:7:::
    www-data:*:17067:0:99999:7:::
    backup:*:17067:0:99999:7:::
    list:*:17067:0:99999:7:::
    irc:*:17067:0:99999:7:::
    gnats:*:17067:0:99999:7:::
    nobody:*:17067:0:99999:7:::
    systemd-timesync:*:17067:0:99999:7:::
    systemd-network:*:17067:0:99999:7:::
    systemd-resolve:*:17067:0:99999:7:::
    systemd-bus-proxy:*:17067:0:99999:7:::
    messagebus:*:17067:0:99999:7:::
    avahi:*:17067:0:99999:7:::
    ntp:*:17067:0:99999:7:::
    sshd:*:17067:0:99999:7:::
    statd:*:17067:0:99999:7:::
    dnsmasq:*:17113:0:99999:7:::
    myshake:$1$sdM0vfNB$ZQBLXqyXoLj02DQWfftyl1:17123:0:99999:7:::
    avahi-autoipd:*:17124:0:99999:7:::

  5. Unmount the SD card

  6. Return the SD card to the Raspberry Pi

  7. Power On. Now the password is: 12345678.

    Note

    Do not forget to change this password when the system boots up.
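The hand edit of the shadow files described above can be scripted so that only the hash field of the one account changes. This is an added example, not part of the Raspberry Shake documentation; the script name `reset_hash.sh` is hypothetical. The hash argument can be the one given in the steps above, or one you generate yourself with `openssl passwd -6` (OpenSSL 1.1.1 or later), which avoids booting the unit with a published password.

```shell
#!/bin/sh
# Added example: replace one account's password-hash field in an offline
# shadow file (the SD card mounted on another computer).

# set_shadow_hash FILE USER HASH
# Rewrites field 2 of USER's line; every other line and field is left untouched.
set_shadow_hash() {
    file="$1"; user="$2"; hash="$3"
    # Refuse if the account is missing, or the hash is empty or contains ':'.
    grep -q "^${user}:" "$file" || { echo "no entry for $user in $file" >&2; return 1; }
    case "$hash" in
        ''|*:*) echo "invalid hash" >&2; return 1 ;;
    esac
    tmp="$(mktemp)" || return 1
    # Values go through the environment so awk does not reinterpret them.
    U="$user" H="$hash" awk -F: 'BEGIN { OFS = ":" }
        $1 == ENVIRON["U"] { $2 = ENVIRON["H"] }
        { print }' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$file"    # overwrite in place so owner and mode are preserved
    rm -f "$tmp"
}

# Stand-alone use, as root, with the mount point used in the steps above:
#   sh reset_hash.sh /yourmountpoint myshake '<hash>'
if [ "$#" -eq 3 ]; then
    for f in "$1/etc/shadow" "$1/etc/shadow-"; do
        if [ -f "$f" ]; then set_shadow_hash "$f" "$2" "$3"; fi
    done
fi
```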

More notes about Security and the Raspberry Shake

Computer security is an important issue now that the internet has evolved to what it is today. While we all regularly hear that keeping the OS up-to-date is important in keeping systems secure, the non-standard aspect of the Raspberry Shake operating environment means there are a few things all Raspberry Shake users should be aware of:

  • Using the auto-update mechanism, the operating environment of the Raspberry Shake is fully maintained by the team here at Raspberry Shake. We strive to guarantee that systems are up-to-date and any known security issues are fully mitigated.

  • The Linux OS typically does not expose itself to security holes with any frequency that must be actively guarded against. This is different from specific applications (like a browser, for example) that can create their own security issues regardless of the flavor of OS they run on. But since these types of programs are not running on the Raspberry Shake boxes, this is not a problem.

  • Rather, security threats occur, by and large, through the use of public-facing programs or services where the computer is directly exposed to incoming requests from the internet. While an OS update also updates individual programs that may have holes, these types of security breaches are not possible with the Raspberry Shake since:

    1. The recommended installation configuration is to have the Raspberry Shake box on a LAN and not directly exposed to the WAN/internet.

    2. No public services are being provided to any end-user or computer beyond the LAN on which the Raspberry Shake itself resides, i.e., it is not acting in the capacity of a server to the internet at large. This means that for someone to break into the Raspberry Shake they would first need to get through the LAN’s router, and onto the LAN itself, before being able to break into the Raspberry Shake unit.

    3. We also recommend that the Raspberry Shake’s password be changed upon receiving the unit (see above). While this currently requires an operation be done “by hand”, an update is planned for the near future that will do this through the front-end configuration interface.

    4. Additional security measures to lock down the Raspberry Pi are available whenever you like: for example, install your own ssh keys and rules to further restrict access to only specific users and/or computers.

    5. Communications between the Raspberry Shake and the AM network data server are initiated by the Raspberry Shake unit itself and not the server. What this means is that there is no open door made available to the world at large by forwarding Raspberry Shake data off your LAN to another computer.

  • We are confident that when the above guidelines are enacted and enforced, regardless of whether the OS is regularly updated or not, the risk of a break-in is very near zero.

That said, we actively monitor the state of any security threats of relevance to the Raspberry Shake system and will respond accordingly when necessary.
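The ssh-key lock-down recommended in the introduction and in item 4 above can be done as follows. This is an added example, not Raspberry Shake's own tooling; the script name `shake_ssh.sh` and the key file name are hypothetical, and it assumes OpenSSH on both machines, sudo on the Shake, and Debian's `/etc/ssh/sshd_config` and `ssh` service name.

```shell
#!/bin/sh
# Added example, not Raspberry Shake's own tooling. Assumptions: OpenSSH on both
# ends, sudo on the Shake, Debian's /etc/ssh/sshd_config and "ssh" service name.
SHAKE="myshake@rs.local"             # user and host name as given on the page
KEY="$HOME/.ssh/id_ed25519_shake"    # hypothetical key file name

# Workstation: create a key pair (ssh-keygen prompts for a passphrase) and
# append the public half to the Shake's ~/.ssh/authorized_keys.
install_key() {
    [ -f "$KEY" ] || ssh-keygen -t ed25519 -f "$KEY" -C "raspberry-shake" || return 1
    ssh-copy-id -i "$KEY.pub" "$SHAKE" || return 1
    # This login must work with passwords refused before sshd is changed.
    ssh -i "$KEY" -o PasswordAuthentication=no "$SHAKE" true
}

# Shake: rewrite an sshd_config so only keys are accepted. sshd keeps the first
# value it reads for a keyword, so the hardened lines go on top (ahead of any
# Include) and later assignments of the same keywords are dropped.
harden_sshd_config() {
    conf="$1"
    keys='PasswordAuthentication|ChallengeResponseAuthentication|KbdInteractiveAuthentication|PubkeyAuthentication|PermitRootLogin'
    tmp="$(mktemp)" || return 1
    {
        printf '%s\n' 'PasswordAuthentication no' \
                      'ChallengeResponseAuthentication no' \
                      'PubkeyAuthentication yes' \
                      'PermitRootLogin no'
        grep -viE "^[[:space:]]*($keys)[[:space:]]" "$conf" || true
    } > "$tmp"
    # Keep a backup; overwrite in place so owner and mode are preserved.
    cp -p "$conf" "$conf.bak" && cat "$tmp" > "$conf"; rc=$?
    rm -f "$tmp"; return "$rc"
}

# sh shake_ssh.sh install          (on the workstation)
# sudo sh shake_ssh.sh harden      (on the Shake, then check and restart:)
# sudo sshd -t && sudo systemctl restart ssh
case "${1:-}" in
    install) install_key ;;
    harden)  harden_sshd_config "${2:-/etc/ssh/sshd_config}" ;;
esac
```

Keep the existing ssh session open while restarting sshd and confirm a second key-based login works before closing it.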

Warning

We do not recommend updating the Raspberry Pi’s OS. The problem with updating the OS, without regard to the operating environment it supports, is that the possibility exists for the update to break some instance of infrastructure on which the executing system relies. It is possible that the Raspberry Shake unit will simply stop functioning and you won’t know why. Rather, it is preferred that the maintainer of the system fully understand the implications of any OS update on the system itself before allowing such an update to take place. Only once an OS update has been fully vetted (vs. all activities it is required to support) should it then be rolled out to individual units in the field.

fail2ban

If you plan to expose your Raspberry Shake to the Internet at large, we recommend using a tool similar to fail2ban, a program that scans log files (e.g., /var/log/apache/error_log) and bans IPs that show malicious signs such as failed login attempts.

Final words

We take security seriously. Our intent is that the way the system is constructed with regard to security, coupled with a full explanation of what this means, gives our end-users (and their network administrators) a high level of confidence that the Raspberry Shake is a very secure box and will not fall victim to a takeover attack.

An interesting read published by NPR in 2016: An Experiment Shows How Quickly The Internet Of Things Can Be Hacked