Are RaspberryPi images safe?

Georgian2

Did anybody actually check if all the RaspberryPi-Jamma images are safe? It would be easy for someone to put a miner on it and make money as we play. I know it would use a lot of resources, but still a good opportunity to make some cash.
Most of us use already made and ready to use software. Just a thought.
 

Joboopoot

If you're talking about crypto miners, the CPU horsepower is so low it would not be worth the trouble even with thousands of different installs, and as soon as you noticed any major lag on your Raspberry Pi, you would just nuke the micro SD card and use a different image.
 

eliotcole

By and large most open-source stuff can USUALLY be considered to be safe ... if it has enough people working on it.

That said:
  1. I have zero clue if this thing you're discussing is open source
  2. It's entirely possible I'm talking waaaaaaaaaaaaay outta my arse

So, perhaps a pertinent question to you, @Georgian2, might be:
Are you talking about the ARpiCADE software here?



Also ... purely thinking of others that might wish to find this, or may pop in to help if they notice it ... ... if you slightly edit the title of this to the following then there is potentially a greater chance that they might come by this thread. :)
Code:
Are ARpiCADE RaspberryJAMMA OS Images Safe?



EDIT - Edited to add ... you could look into how difficult it would be to place the Pi on a specific subnet/internal network on your home LAN and only let it communicate with select public destinations.
But I am FAR from a network engineer and wouldn't want to provide advice on it ... just ... hopefully that kind of thing isn't onerous with your setup.
Or maybe (once it's done all its network stuffs) you could just disconnect it from all networks entirely. :)
 

Georgian2

I mean any image that could be found on archive.org
They are full of ROMs, ready to use.
It was just a thought that it could be quite easy to put anything on it. We just connect the thing to the home network and that's it. I'm talking mainly about the ones ready to use loaded with ROMs. They are not official releases as far as I know. Most likely they are safe.
 

eliotcole

Well, yeah ... OK ... I don't let anything like 'pre made' images which are full of ROMs and whatnot anywhere near my home network on principle.
But that's just me, and there is not one ounce of judgement on those that do.
I'm just a paranoid android, is all.



A good example of my paranoia is how I approach using Fightcade, for example ... on Windows ...

There is an accepted, working, method (colloquially known as 'the JSON method' I believe) whereby a particular JSON setup can be used to grab any required ROMS that you might need in order to play a game on the system.

My issues with that (again, purely my own wanked up head) are twofold:
  1. I have no idea what that could download and cause Fightcade to action ... I am sure that it is 100% fine ... but I just don't have the trust to do that ....
  2. I like to only play games that I own, so that (since I play under my real name ... and I am 'pleasant' ... which seems to be upsetting for the man-hordes in the 3S room) if there is ANY consternation about me and the game I am playing ... I could nip around the corner and pick up the PCB/Cartridge
 

kingtreelo

Defender is good enough now that it has made near every antivirus software redundant, it will flag if anything is suspicious and if you allow it, then it's on you
 

Georgian2

> as mentioned above, the power required for anything to do with mining needs a lot of oomph behind it, you are talking high end GPUs, not RPi's

Doesn't have to be a miner. Simply a network spy or something is enough.

> Defender is good enough now that it has made near every antivirus software redundant, it will flag if anything is suspicious and if you allow it, then it's on you

It's been many years since I last used an antivirus. I trust my senses when navigating on the web.
 

Wahoobies

Well, for a Pi image, remember you don't have to tell it your wifi or plug it in. They mostly all work without network anyway!
I know my Linux and network security pretty well, so can generally spot a problem. My experience so far has been "All good", but YMMV
 

eliotcole

Curious ... how does that track what a Pi is doing on my network?

> Defender is good enough now that it has made near every antivirus software redundant, it will flag if anything is suspicious and if you allow it, then it's on you

( I'm being playfully facetious ... not aggressive ;-) )
 

Joboopoot

Let's be honest, if running ready made RPi images containing a collection of copyright infringing ROMs, an element of risk will always be involved when trusting a third party to produce said image.

My preference is always open source based images, that can easily be peer reviewed on a platform such as GitHub. However if the RPi image contains content such as copyrighted ROMs that is not going to happen. My preference would be an image where you source your own ROMs.

However at the end of the day if the RPi is used in a standalone device in which it is physically air gapped, what does it matter? If you experience anything you suspect is nefarious you just wipe the Micro SD card and use a different image.

If the RPi is not air gapped it's then down to the end user to decide acceptable levels of risk, such as putting it on a separate sub-net on your own network.
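
Added example, not part of any post in this thread: one way to do the check the opening post asks about, by listing the places a pre-made image can start software on its own before the card ever goes into a Pi. It assumes the image's root partition has been mounted read-only on another Linux machine; the function name `audit_rootfs`, the mount point `/mnt/pi` and the partition number are assumptions for illustration.

```shell
#!/bin/sh
# Added example: list autostart/persistence points in a Pi image's root
# filesystem mounted READ-ONLY on another Linux box, e.g. (assumed names):
#   sudo losetup -fP --show image.img        # prints /dev/loopN
#   sudo mount -o ro,noexec,nosuid,nodev /dev/loopNp2 /mnt/pi
# The output is a review list, not a verdict: stock images also enable
# units and cron jobs, so each line needs a human look.

audit_rootfs() (
    root="${1%/}"
    # 1. Files that run at boot, on a timer, or get preloaded into processes.
    for f in "$root"/etc/rc.local "$root"/etc/crontab "$root"/etc/cron.d/* \
             "$root"/var/spool/cron/crontabs/* "$root"/etc/ld.so.preload; do
        if [ -f "$f" ]; then echo "AUTOSTART ${f#"$root"}"; fi
    done
    # 2. systemd units the image builder enabled (entries under *.wants/).
    find "$root/etc/systemd/system" -path '*.wants/*' \
         \( -type l -o -type f \) 2>/dev/null |
        while read -r f; do echo "UNIT ${f#"$root"}"; done
    # 3. Pre-installed SSH keys: someone else can log in if SSH is reachable.
    find "$root/root" "$root/home" -name authorized_keys -size +0 2>/dev/null |
        while read -r f; do echo "SSHKEY ${f#"$root"}"; done
    # 4. Startup files that download something and pipe it into a shell.
    grep -rlE '(curl|wget)[^|]*[|][[:space:]]*(ba)?sh' \
        "$root/etc/rc.local" "$root/etc/cron.d" "$root/etc/systemd/system" \
        "$root/etc/profile.d" 2>/dev/null |
        while read -r f; do echo "REMOTE-EXEC ${f#"$root"}"; done
)

# Run against a mount point when one is given: sh audit.sh /mnt/pi
if [ -n "${1:-}" ]; then audit_rootfs "$1"; fi
```

A clean listing only covers these autostart locations; it says nothing about modified binaries, so the air gap or separate subnet discussed in the thread still applies.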
 