Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-25019 | WIR-MOS-iOS-040-01 | SV-34930r3_rule | ECWN-1 | Medium |
Description |
---|
The Bluetooth radio can be used by a hacker to connect to the iOS device without the knowledge of the user. Sensitive DoD data could be exposed and the hacker could use the device to attack the enclave. |
STIG | Date |
---|---|
Apple iOS6 Security Technical Implementation Guide | 2014-10-07 |
Check Text ( C-31220r5_chk ) |
---|
The list of Bluetooth devices the iOS device has connected to should only contain authorized smart card readers (SCR) and headsets. Currently, only Bluetooth SCRs and headsets manufactured by Biometric Associates (BAI) have been approved. On a sample of site-managed iOS devices (pick 3-4 random devices), verify the iOS device has only been connected to authorized Bluetooth peripherals. -Have the user log into the device. -Go to Settings > Bluetooth. -Verify only approved devices are listed under “Devices”. Mark as a finding if unauthorized peripherals have been connected to the iOS device. |
Fix Text (F-27690r3_fix) |
---|
Train the user to not connect the iOS device to unauthorized Bluetooth peripherals. |