Check: APPL-26-002110
Apple macOS 26 (Tahoe) STIG:
APPL-26-002110
(in version v1 r1)
Title
The macOS system must disable Bluetooth Sharing. (Cat II impact)
Discussion
Bluetooth Sharing must be disabled. Bluetooth Sharing allows users to wirelessly transmit files between the macOS and Bluetooth-enabled devices, including personally owned cellphones and tablets. A malicious user might introduce viruses or malware onto the system or extract sensitive files via Bluetooth Sharing. When Bluetooth Sharing is disabled, this risk is mitigated.

NOTE: The check and fix are for the last logged in user. To get the last logged in user, run the following.

```bash
CURRENT_USER=$( /usr/bin/defaults read /Library/Preferences/com.apple.loginwindow lastUserName )
```

Satisfies: SRG-OS-000080-GPOS-00048, SRG-OS-000095-GPOS-00049
Check Content
Verify the macOS system is configured to disable Bluetooth sharing with the following commands:

```bash
CURRENT_USER=$( /usr/sbin/scutil <<< "show State:/Users/ConsoleUser" | /usr/bin/awk '/Name :/ && ! /loginwindow/ { print $3 }' )
/usr/bin/sudo -u "$CURRENT_USER" /usr/bin/defaults -currentHost read com.apple.Bluetooth PrefKeyServicesEnabled
```

If the result is not "0", this is a finding.
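The check above, wrapped as an audit script. This is an added example, not part of the STIG text: the function names and the `NOT_REVIEWED` label are hypothetical, the two scutil samples are constructed, and the fallback to `lastUserName` when nobody is at the console follows the Discussion note.

```shell
#!/bin/sh
# Added example: audit wrapper for APPL-26-002110. Function names are
# hypothetical; the commands inside them are the ones on this page.

# Console user from `scutil` output on stdin (same awk filter as the check).
parse_console_user() {
    awk '/Name :/ && ! /loginwindow/ { print $3 }'
}

# Only the exact string "0" passes; "1" or a missing key (empty read) is a finding.
classify_bluetooth_sharing() {
    if [ "$1" = "0" ]; then echo "PASS"; else echo "FINDING"; fi
}

# Console user first; at the login window fall back to the last logged-in
# user, as the Discussion note describes.
resolve_audit_user() {
    user=$(printf '%s\n' 'show State:/Users/ConsoleUser' | /usr/sbin/scutil | parse_console_user)
    if [ -z "$user" ]; then
        user=$(/usr/bin/defaults read /Library/Preferences/com.apple.loginwindow lastUserName 2>/dev/null)
    fi
    printf '%s\n' "$user"
}

audit_bluetooth_sharing() {
    user=$(resolve_audit_user)
    if [ -z "$user" ]; then
        echo "APPL-26-002110 result=NOT_REVIEWED reason=no-user"
        return 2
    fi
    value=$(/usr/bin/sudo -u "$user" /usr/bin/defaults -currentHost read \
        com.apple.Bluetooth PrefKeyServicesEnabled 2>/dev/null)
    result=$(classify_bluetooth_sharing "$value")
    echo "APPL-26-002110 user=$user value=${value:-unset} result=$result"
    [ "$result" = "PASS" ]
}

# Constructed scutil output: a logged-in user, and the login window.
SAMPLE_CONSOLE='<dictionary> {
  GID : 20
  Name : alice
  UID : 501
}'
SAMPLE_LOGINWINDOW='<dictionary> {
  Name : loginwindow
}'

# Run the audit only where the macOS tools exist.
if [ -x /usr/sbin/scutil ]; then audit_bluetooth_sharing; fi
```

Run it as root so the `sudo -u` step does not prompt; the exit status is 0 on pass, 1 on a finding and 2 when no user could be resolved.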
Fix Text
Configure the macOS system to disable Bluetooth sharing with the following commands:

```bash
CURRENT_USER=$( /usr/sbin/scutil <<< "show State:/Users/ConsoleUser" | /usr/bin/awk '/Name :/ && ! /loginwindow/ { print $3 }' )
/usr/bin/sudo -u "$CURRENT_USER" /usr/bin/defaults -currentHost write com.apple.Bluetooth PrefKeyServicesEnabled -bool false
```
Additional Identifiers
Rule ID: SV-277127r1149415_rule
Vulnerability ID: V-277127
Group Title: SRG-OS-000080-GPOS-00048
CCIs
| Number | Definition |
|---|---|
| CCI-000213 | Enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. |
| CCI-000381 | Configure the system to provide only organization-defined mission essential capabilities. |