Blog | G5 Cyber Security

Raspberry Pi Bluetooth Security

G5 Cyber Security

TL;DR

This guide shows you how to improve the security of Bluetooth on your Raspberry Pi running Raspian. We’ll cover disabling unused services, reducing visibility, and keeping your system updated.

Steps

  1. Update Your System

    2. First, make sure your Raspberry Pi is up-to-date. This includes the operating system and Bluetooth packages.

    sudo apt update
    sudo apt upgrade
  2. Check Bluetooth Service Status

    3. See what Bluetooth services are running:

    systemctl status bluetooth

    If it’s not running and you don’t need Bluetooth, consider leaving it off. If it is running, proceed to the next steps.

  3. Disable Unnecessary Services

    4. Raspbian often starts several Bluetooth services. Disable those you don’t use. Common ones include:

To disable a service, use the following command (replace service_name with the actual service name):

sudo systemctl stop bluetooth-audio
sudo systemctl disable bluetooth-audio
  • Reduce Bluetooth Visibility

    • Make your Raspberry Pi less discoverable by setting the visibility timeout to a short period or disabling it completely.

    Edit the /etc/bluetooth/main.conf file:

    sudo nano /etc/bluetooth/main.conf

    Find the line #VisibilityTimeout = 60 and change it to (for example, 10 seconds):

    VisibilityTimeout = 10

    Or, to disable visibility completely, set it to 0:

    VisibilityTimeout = 0

    Save the file (Ctrl+X, Y, Enter).

  • Restart Bluetooth Service

    • Apply the changes by restarting the Bluetooth service:

    sudo systemctl restart bluetooth
  • Configure RFCOMM Filtering

    • RFCOMM is a cable replacement protocol. Limit which devices can connect using RFCOMM.

    Edit /etc/bluetooth/rfcomm.conf:

    sudo nano /etc/bluetooth/rfcomm.conf

    Add device MAC addresses to the devices = line, allowing only trusted devices to connect. For example:

    devices = 00:11:22:33:44:55 66:77:88:99:AA:BB

    Save the file (Ctrl+X, Y, Enter).

  • Firewall Configuration

    • If you're using a firewall (like ufw), ensure it blocks incoming Bluetooth connections unless specifically allowed.

    Example rules:

    sudo ufw deny from any to any port 1925 proto tcp
    sudo ufw deny from any to any port 1926 proto tcp
  • Regular Security Updates

    • Keep your system updated regularly. This is the most important step for ongoing cyber security.

    sudo apt update && sudo apt upgrade -y
    Exit mobile version