The smartphone Bluetooth radio must be disabled if not authorized for use.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-25019 | WIR-MOS-iOS-040-01 | SV-34930r1_rule | ECWN-1 | Medium |
| Description |
|---|
| The Bluetooth radio can be used by a hacker to connect to the iOS device without the knowledge of the user. Sensitive DoD data could be exposed and the hacker could use the device to attack the enclave. |
| STIG | Date |
|---|---|
| Apple iOS 4 (Good Mobility Suite) Interim Security Configuration Guide (ISCG) | 2011-11-07 |
Details
| Check Text ( C-31220r1_chk ) |
|---|
| On a sample of site-managed iOS devices (pick 3-4 random devices), check that the Bluetooth radio is turned off. -Have the user log into the device. -Go to Settings > General > Bluetooth. -Verify the Bluetooth radio is off. Mark as a finding if configuration is not set as required. |
| Fix Text (F-27690r1_fix) |
|---|
| Configure the mobile OS device Bluetooth radio as required. |