Title

BlackBerry Bluetooth SCR use with site PCs must be compliant with requirements. (Cat II impact)

Discussion

Non-secure Bluetooth configuration on the PC could make it vulnerable to compromise via a Bluetooth attack.

Check Content

Detailed Policy Requirements: When the BlackBerry Bluetooth Smart Card Reader (SCR) is used as a PC SCR, the following requirements must be followed: The PC must have the Bluetooth Lockdown tool installed and configured correctly. Check Procedures: Perform the following checks on a sample (use 2-3 for random sample) of site PCs used with the BlackBerry Bluetooth SCR: Verify the Bluetooth Lockdown tool is installed and configured correctly: On the PC, go to Start >> Control Panel >> Add or Remove Programs >> Select BlackBerry Smart Card Reader v1.5.1 and click the "Change/Remove" button. In the first pop-up dialog box, click the "Next" button. In the next dialog box, verify "Modify" is selected and click the "Next" button. In the next dialog box, click the "Next" button. In the next dialog box, (Restrict Bluetooth Functionality), verify the checkbox is checked. Click the "Cancel" button to cancel installation.

Fix Text

BlackBerry Bluetooth SCR use with site PCs must be compliant with requirements.

Additional Identifiers

Rule ID: SV-21229r3_rule

Vulnerability ID: V-19312

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.