2.4.7 Ensure Bluetooth Sharing Is Disabled

Information

Bluetooth Sharing allows files to be exchanged with Bluetooth-enabled devices.

Rationale:

Disabling Bluetooth Sharing minimizes the risk of an attacker using Bluetooth to remotely attack the system.

Impact:

Control 2.1.1 discusses disabling Bluetooth if no paired devices exist. There is a general expectation that Bluetooth peripherals will be used by most users in Apple's ecosystem. It is possible that sharing is required and Bluetooth peripherals are not. Bluetooth must be enabled if sharing is an acceptable use case.

Solution

Perform the following to disable Bluetooth Sharing:
Graphical Method:

Open System Preferences

Select Sharing

Uncheck Bluetooth Sharing

Run the following command to disable Bluetooth Sharing is disabled:

sudo -u <username> /usr/bin/defaults -currentHost write com.apple.Bluetooth PrefKeyServicesEnabled -bool false

$ sudo -u firstuser /usr/bin/defaults -currentHost write com.apple.Bluetooth PrefKeyServicesEnabled -bool false

Profile Method:

Create or edit a configuration profile with the key of com.apple.Bluetooth under PayloadContent

Add the following set of keys with the com.apple.Bluetooth key:

<dict>
<key>Forced</key>
<array>
<dict>
<key>mcx_preference_settings</key>
<dict>
<key>PrefKeyServicesEnabled</key>
<false/>
</dict>
</dict>
</array>
</dict>

See Also

https://workbench.cisecurity.org/files/3573