Raspberry Pi made a change to its operating system Raspberry Pi operating system removed the default username and password.
So far, the default usernames and passwords for tiny computers have been “pi” and “raspberry” respectively, which makes it simple to set up a new Pi device but also potentially makes ubiquitous internet-connected devices make it easier for remote attackers to attack them. through techniques such as password injection.
“So far, all Raspberry Pi OS installations have had a default user of “pi”. This isn’t a weakness – just knowing a valid username doesn’t really help much if someone wants to. hack into your computer”. system; they also need to know your password and you need to enable some form of remote access in the first place” Simon Long, senior engineer at Raspberry Pi Trading, explains.
“But anyway, it can make a brute force attack a little easier, and in response to this, some countries are now enacting legislation that prohibits any Internet-connected device from posting information on it.” default input.”
For example, the UK plans to introduce new regulation prevent Internet of Things (IoT) device manufacturers from shipping them to consumers with default usernames and passwords. The UK’s National Cyber Security Center (NCSC) has endorsed the Product Security and Telecommunications Infrastructure (PSTI) Bill as the pandemic increases people’s reliance on connected devices. Internet.
Long said the latest release of the Raspberry Pi Operating System removes the default “pi” username and a new wizard that forces users to create a username on the first boot of the Operating System image Newly flashed Raspberry Pi. But he also noted that not all existing documents will be suitable for the new process.
“This is consistent with the way most operating systems work today, and although it can cause some problems where the software (and documentation) assumes the existence of the user “pi” , but it seems like a reasonable change to make at this point,” he noted.
However, it can mean a few changes for users when they set up a new Raspberry Pi device as the tutorial process is required for desktop setup.
“Working through the wizard is no longer an option, as this is how a user account is created; until you create the user account, you can’t log in to the desktop. So instead of that runs as an application in the desktop itself as before, the wizard now runs in a dedicated environment at first boot.”
The main difference is that the user was previously prompted for a new password. Now the user is prompted for a username and password.
The Raspberry Pi still allows the user to set the username to “pi” and the password to “raspberry” but it will issue a warning that choosing the default setting is unwise.
“Some software may ask the user for ‘pi’, so we’re not completely arbitrary about this. But we strongly recommend choosing something else,” says Long.
Raspberry Pi sales spiked at the start of the pandemic as consumers looked for cheap home computing devices. But the Raspberry Pi currently faces a supply constraint due to a global chip shortage. This week, the director of Raspberry Pi Even Upton admitted resellers were out of stock.
“Demand for Raspberry Pi products has grown strongly from early 2021 onwards and supply constraints have prevented us from being flexible to meet this demand, as a result we now have a large volume of orders. substantial backlogs for most products. In contrast, many of our agents have their own backlogs, which they will complete upon receipt of goods from us,” say Upton.
