Title

BlackBerry Bluetooth SCR use with site PCs must be compliant with requirements. (Cat III impact)

Discussion

Non-secure Bluetooth configuration on the PC could make it vulnerable to compromise via a Bluetooth attack.

Check Content

Detailed Policy Requirements: When the BlackBerry Bluetooth Smart Card Reader (SCR) is used as a PC SCR, the following requirements must be followed: Bluetooth radios installed in site PCs must be Class 2 or 3. Class 1 (100 mW) Bluetooth radios are not allowed. Note: ISSOs: To determine the "class" rating of the Bluetooth radio, look under the specification section of the Bluetooth Network Interface Card manual, which can be downloaded from the laptop vendor’s web site or the Bluetooth dongle vendor’s web site. Nearly all internal laptop Bluetooth radios are Class 2 or 3, and many Bluetooth dongle radios are Class 1. Check Procedures: Perform the following checks on site PCs used with the BlackBerry Bluetooth SCR: Interview the ISSO to verify only Bluetooth Class 2 or 3 radios are used in site PCs. Have the ISSO or site BlackBerry Administrator show for a sample of PCs the Bluetooth radio is not a Class 1 radio by providing a copy of the Bluetooth radio specification sheet.

Fix Text

BlackBerry Bluetooth SCR use with site PCs must be compliant with requirements.

Additional Identifiers

Rule ID: SV-21230r3_rule

Vulnerability ID: V-19313

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.