Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-25019 | WIR-MOS-iOS-040-01 | SV-34930r2_rule | ECWN-1 | Medium |
Description |
---|
The Bluetooth radio can be used by a hacker to connect to the iOS device without the knowledge of the user. Sensitive DoD data could be exposed and the hacker could use the device to attack the enclave. |
STIG | Date |
---|---|
Apple iOS 6 Interim Security Configuration Guide (ISCG) | 2013-01-17 |
Check Text (C-31220r3_chk) |
---|
The Bluetooth radio should be turned off by the user (User Based Enforcement (UBE)) if not being used to connect the approved Bluetooth smart card reader or hands-free headset to the mobile device. On a sample of site-managed iOS devices (pick 3-4 random devices), verify the Bluetooth radio is turned off if the Bluetooth smart card reader is not being used by the user: (1) Have the user log into the device. (2) Go to Settings > Bluetooth. (3) Verify the Bluetooth radio is off. Mark as a finding if the configuration is not set as required. |
Fix Text (F-27690r2_fix) |
---|
Configure the mobile device Bluetooth radio to be turned off if the Bluetooth smart card reader is not being used by the user. |