UCF STIG Viewer Logo

All mobile operating system (OS) device Bluetooth radio profiles must be disabled except for the serial port, handset and headset profiles.


Overview

Finding ID Version Rule ID IA Controls Severity
V-29524 WIR-MOS-AND-040-02 SV-38756r1_rule ECWN-1 Medium
Description
The Bluetooth radio can be used by a hacker to connect to the smartphone without the knowledge of the user. Sensitive DoD data could be exposed and the hacker could use the device to attack the enclave. The serial port profile is used by the DoD approved Bluetooth smart card reader and the headset and handset profiles are used by the DoD approved Bluetooth headset.
STIG Date
Android 2.2 (Dell) Security Technical Implementation Guide 2014-08-26

Details

Check Text ( C-37824r1_chk )
The Bluetooth Security Monitor application is used to only allow the three approved Bluetooth profiles: serial port, handset, headset. (In late 2011, this configuration setting will be available in the Good server console.)
Verify the Bluetooth Security Monitor application has been installed on the mobile OS device.

-Have the system administrator show that Setup.apk is in the list of installed applications on the device (Settings>Applications>Manage applications>All).

Mark as a finding if the required file is not installed.
Fix Text (F-33963r1_fix)
Install the required Bluetooth configuration application.