Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-25019 | WIR-MOS-AND-040-01 | SV-34994r1_rule | ECWN-1 | Medium |
Description |
---|
The Bluetooth radio can be used by a hacker to connect to the smartphone without the knowledge of the user. Sensitive DoD data could be exposed and the hacker could use the device to attack the enclave. |
STIG | Date |
---|---|
Android 2.2 (Dell) Security Technical Implementation Guide | 2014-08-26 |
Check Text (C-34874r1_chk) |
---|
The Bluetooth radio should be turned off by the user (User Based Enforcement (UBE)) if it is not being used to connect the approved Bluetooth smart card reader or hands-free headset to the smartphone. On a sample of site-managed Android devices (pick 3-4 random devices), verify the Bluetooth radio is turned off if the Bluetooth smart card reader is not being used by the user: (1) Have the user log into the device. (2) Go to Settings > Wireless & networks > Bluetooth. (3) Verify the Bluetooth radio is off. Mark as a finding if the configuration is not set as required. |
Fix Text (F-27690r3_fix) |
---|
Train the user to not connect the iOS device to unauthorized Bluetooth peripherals. |