The smartphone Bluetooth radio must be disabled if not authorized for use.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-25019	WIR-MOS-AND-040-01	SV-34994r1_rule	ECWN-1	Medium

Description
The Bluetooth radio can be used by a hacker to connect to the smartphone without the knowledge of the user. Sensitive DoD data could be exposed and the hacker could use the device to attack the enclave.

STIG	Date
Android 2.2 (Dell) Security Technical Implementation Guide	2014-08-26

Details

Check Text ( C-34874r1_chk )
The Bluetooth radio should be turned off by the user (User Based Enforcement (UBE)) if not being used to connect the approved Bluetooth smart card reader or handsfree headset to the smartphone. On a sample of site-managed Android devices (pick 3-4 random devices), verify the Bluetooth radio is turned off if the Bluetooth smart card reader is not being used by the user. -Have the user log into the device. -Go to Settings > Wireless & networks > Bluetooth. -Verify the Bluetooth radio is off. Mark as a finding if configuration is not set as required.

Check Text ( C-34874r1_chk )

The Bluetooth radio should be turned off by the user (User Based Enforcement (UBE)) if not being used to connect the approved Bluetooth smart card reader or handsfree headset to the smartphone.

On a sample of site-managed Android devices (pick 3-4 random devices), verify the Bluetooth radio is turned off if the Bluetooth smart card reader is not being used by the user.

-Have the user log into the device.
-Go to Settings > Wireless & networks > Bluetooth.
-Verify the Bluetooth radio is off.

Mark as a finding if configuration is not set as required.

Fix Text (F-27690r3_fix)
Train the user to not connect the iOS device to unauthorized Bluetooth peripherals.