
The Personal Hotspot feature of the smartphone OS must be disabled if it does not meet DoD WLAN or Bluetooth security requirements and is not approved by the IAO.


Overview

Finding ID: V-26559
Version: WIR-MOS-iOS-044
Rule ID: SV-34934r1_rule
IA Controls: ECWN-1
Severity: Low
Description
The Wi-Fi radio and Bluetooth radio can be used by a hacker to connect to the smartphone without the knowledge of the user. Sensitive DoD data could be exposed and the hacker could use the device to attack the enclave. This setting would allow the device Wi-Fi radio to automatically connect to a Wi-Fi network. The Bluetooth and Wi-Fi connections do not support DoD wireless encryption and authentication requirements.
STIG: Apple iOS 4 (Good Mobility Suite) Interim Security Configuration Guide (ISCG)
Date: 2011-11-07

Details

Check Text (C-34017r1_chk)
USB connections for Personal Hotspot service will only be used if authorized. Bluetooth and Wi-Fi connections will not be used (User Based Enforcement (UBE)).

First, ask if the IAO has approved the use of Personal Hotspot or Tethered Modem service for site iOS devices or for some users. If yes, review the approval document.

On a sample of site-managed iOS devices (pick 3-4 random devices), have the user turn on and log into the device.

- Go to Settings > General > Network > Personal Hotspot.
- If Personal Hotspot is on, verify that only the following message is displayed: “Your iPhone’s Internet connection is being shared over USB”.

Note: “Tethered Modem” service must be added to the iPhone wireless account by the carrier for the iOS Personal Hotspot service to work.

Mark as a finding if Portable Wi-Fi Hotspot service is not disabled and the DAA or IAO has not approved the service.
Fix Text (F-29705r1_fix)
Set the mobile OS device Personal Hotspot feature as required.