By default, when setting up a Raspberry PI, Bluetooth and Wifi are enabled. This is not always what you want, especially when you don’t need either of them. So, time to disable them, because having them enabled and probably unsecured is a potential attack vector into your network.
Change Boot Configuration
First, we need to edit the boot configuration file /boot/config.txt and add the following lines (edit if they are already there):
# Disable Bluetooth
dtoverlay=disable-bt
# Disable Wifi
dtoverlay=disable-wifi
This will disable the Bluetooth and Wifi interfaces on start-up.
Unfortunately, it is not that easy. Would be nice, wouldn’t it?
The services are still running, the kernel modules are still loaded. Both are completely unnecessary at this point, so let’s take care of that.
Disable the Services
To disable the services run the following commands:
sudo systemctl disable wpa_supplicant.service
sudo systemctl disable hciuart.service
sudo systemctl disable bluealsa.service
sudo systemctl disable bluetooth.service
Blacklist the Kernel Modules
Now that the services are deactivated, it’s time to blacklist the kernel modules. To do so, open /etc/modprobe.d/raspi-blacklist.conf in an editor of your choice and add:
# Disable Bluetooth
blacklist btbcm
blacklist bnep
blacklist bluetooth
# Disable Wifi
blacklist 8192cu
As you might have guessed by the file name, this will blacklist the modules and prevent them from being loaded during the system start.
(Optional) Remove Unused Software
Now that we have disabled Bluetooth and Wifi, we can also remove the software for it. This step is completely optional, but if you like a clean system, go ahead.
sudo apt purge bluez bluez-firmware wpasupplicant
sudo apt-get autoremove
Reboot
To apply all these changes, the Raspberry PI needs to be rebooted.
sudo reboot