UCF STIG Viewer Logo

The mobile device Bluetooth radio must only connect to authorized Bluetooth peripherals.


Overview

Finding ID Version Rule ID IA Controls Severity
V-25019 WIR-MOS-iOS-040-01 SV-34930r3_rule ECWN-1 Medium
Description
The Bluetooth radio can be used by a hacker to connect to the iOS device without the knowledge of the user. Sensitive DoD data could be exposed and the hacker could use the device to attack the enclave.
STIG Date
Apple iOS6 Security Technical Implementation Guide 2014-10-07

Details

Check Text ( C-31220r5_chk )
The list of Bluetooth devices the iOS device has connected to should only contain authorized smart card readers (SCR) and headsets. Currently, only Bluetooth SCRs and headsets manufactured by Biometric Associates (BAI) have been approved.

On a sample of site-managed iOS devices (pick 3-4 random devices), verify the iOS device has only been connected to authorized Bluetooth peripherals.

-Have the user log into the device.
-Go to Settings > Bluetooth.
-Verify only approved devices are listed under “Devices”.

Mark as a finding if unauthorized peripherals have been connected to the iOS device.
Fix Text (F-27690r3_fix)
Train the user to not connect the iOS device to unauthorized Bluetooth peripherals.