TL;DR
This guide shows you how to improve the security of Bluetooth on your Raspberry Pi running Raspian. We’ll cover disabling unused services, reducing visibility, and keeping your system updated.
Steps
- Update Your System
- Check Bluetooth Service Status
- Disable Unnecessary Services
bluetooth-audio: For audio streaming (if not used).bluetooth-serial: For serial port connections (if not used).- Reduce Bluetooth Visibility
- Restart Bluetooth Service
- Configure RFCOMM Filtering
- Firewall Configuration
- Regular Security Updates
First, make sure your Raspberry Pi is up-to-date. This includes the operating system and Bluetooth packages.
sudo apt updatesudo apt upgradeSee what Bluetooth services are running:
systemctl status bluetoothIf it’s not running and you don’t need Bluetooth, consider leaving it off. If it is running, proceed to the next steps.
Raspbian often starts several Bluetooth services. Disable those you don’t use. Common ones include:
To disable a service, use the following command (replace service_name with the actual service name):
sudo systemctl stop bluetooth-audiosudo systemctl disable bluetooth-audioMake your Raspberry Pi less discoverable by setting the visibility timeout to a short period or disabling it completely.
Edit the /etc/bluetooth/main.conf file:
sudo nano /etc/bluetooth/main.confFind the line #VisibilityTimeout = 60 and change it to (for example, 10 seconds):
VisibilityTimeout = 10Or, to disable visibility completely, set it to 0:
VisibilityTimeout = 0Save the file (Ctrl+X, Y, Enter).
Apply the changes by restarting the Bluetooth service:
sudo systemctl restart bluetoothRFCOMM is a cable replacement protocol. Limit which devices can connect using RFCOMM.
Edit /etc/bluetooth/rfcomm.conf:
sudo nano /etc/bluetooth/rfcomm.confAdd device MAC addresses to the devices = line, allowing only trusted devices to connect. For example:
devices = 00:11:22:33:44:55 66:77:88:99:AA:BBSave the file (Ctrl+X, Y, Enter).
If you're using a firewall (like ufw), ensure it blocks incoming Bluetooth connections unless specifically allowed.
Example rules:
sudo ufw deny from any to any port 1925 proto tcpsudo ufw deny from any to any port 1926 proto tcpKeep your system updated regularly. This is the most important step for ongoing cyber security.
sudo apt update && sudo apt upgrade -y