Check: WIR1045-01
BlackBerry Handheld Device:
WIR1045-01
(in versions v2 r11 through v2 r1)
Title
Only approved Bluetooth headset and handsfree devices must be used with site managed BlackBerry devices. (Cat II impact)
Discussion
Bluetooth usage could provide an attack vector for a hacker to connect to a BlackBerry device without the knowledge of the user. DoD data would then be vulnerable.
Check Content
Detailed Policy Requirements: The following Bluetooth headset and handsfree devices are approved: Biometric Associates, LP (BAL) blueARMOR family of headsets (blueARMOR 100, blueARMOR 105, and blueARMOR 200) with firmware version 1.5.x. Check Procedures: For the BAL headset, the only way to verify the device model number and firmware version is to check the Bluetooth device name of a paired headset. Have the user pair the device to the BlackBerry, if not already paired. On the BlackBerry handheld, go to Options > Networks and Connections > Bluetooth Connections and check the list of paired devices. The device name should be in the form of baiMobileBA100 V1.5.0. The reviewer should check a sample of BlackBerry devices at the site (2-3) and verify compliance. Note: If the site uses the FIXMO Sentinel Enterprise integrity verification tool, checking BlackBerry handhelds is not required. Have the system administrator show that the Sentinel server is configured to audit paired Bluetooth devices on site managed BlackBerry handhelds.
Fix Text
Use only approved Bluetooth headset and handsfree devices.
Additional Identifiers
Rule ID: SV-33354r2_rule
Vulnerability ID: V-26508
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |