As of version 4.0.0, the Recalbox is not secure against attacks in its default configuration. As a general rule:
The Recalbox comes with a default root password. Up to version 4.0.0 it is possible to change the root password by doing the following, from a command prompt:
Remount the / partition in read-write mode
mount -o remount,rw /
Change the root password
The Recalbox enables several services by default. While convenient, these are easy entry points for attackers. It is good practice to disable any service you are not using by editing the 'Network' section of recalbox.conf (2).
(2) There are two ways to edit this file:
Open a command prompt, and once connected, type:
Or, from your computer, open a web browser at http://<Recalbox IP address>/ to access the Recalbox manager and edit the configuration from the corresponding page.
If you don't need any network connection or if you use a network cable, turn wifi off:
Please note that Recalbox stores your wifi password in clear text in the field wifi.key, so make sure to clear this field when turning wifi off. Version 4.1 shall not store the wifi password in clear text anymore.
Samba is useful for file transfer from another computer. If you don't use this service, turn it off by using:
Version 4.1 should support password-protected Samba shares.
Virtual gamepads enable you to use your phone or tablet as a gamepad. If you don't use these, turn off the service by typing:
Recalbox comes with a built-in webserver, running on port 80. This server lets you drag and drop files such as roms from your desktop to your recalbox and change the configuration. However, it's also a golden path for an attacker to own your box. So if you don't use the Recalbox manager (for example, because you're fine with your config and set of roms, or if you use the samba share for rom upload), you can turn it off in the following way:
These steps should make your box (and consequently all devices connected to the same network) a little bit more secure.
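To check that the settings discussed above were actually applied, here is an added example (not part of the original page or of Recalbox's own tooling): a POSIX shell audit of a recalbox.conf. Only wifi.key is named on the page; the other key names are assumed to match the stock recalbox.conf, the function names are hypothetical, and the sample file is constructed.

```shell
# Added example: audit a recalbox.conf for the exposure points listed above.
# Key names other than wifi.key are assumed from the stock recalbox.conf.
# conf_get FILE KEY: print the last active (uncommented) value of KEY.
conf_get() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }                    # commented-out setting
        index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            if (k == key) { val = substr($0, index($0, "=") + 1); sub(/[ \t\r]+$/, "", val) }
        }
        END { print val }' "$1"
}

# audit_recalbox_conf FILE: one finding per line; exit status is the finding count.
audit_recalbox_conf() {
    findings=0
    for key in wifi.enabled system.samba.enabled \
               system.virtual-gamepads.enabled system.manager.enabled; do
        # Anything other than an explicit 0 is reported (conservative choice).
        if [ "$(conf_get "$1" "$key")" != "0" ]; then
            echo "ENABLED   $key"
            findings=$((findings + 1))
        fi
    done
    # wifi.key is stored in clear text: flag a leftover value without printing it.
    if [ -n "$(conf_get "$1" wifi.key)" ]; then
        echo "CLEARTEXT wifi.key"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample configuration (not taken from a real system).
write_sample_conf() {
    cat > "$1" <<'EOF'
wifi.enabled=0
wifi.ssid=home
wifi.key=constructed-passphrase
system.samba.enabled=1
;system.virtual-gamepads.enabled=0
system.manager.enabled=0
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
audit_recalbox_conf "$sample" || echo "findings: $?"
rm -f "$sample"
```

On a real box, pass the path of your own recalbox.conf to audit_recalbox_conf; an exit status of 0 means none of the checked entry points is left open.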