Bluetooth is a short-range, low-power wireless technology commonly integrated into portable computing and communication peripheral devices. Bluetooth is best used in a secure environment where unauthorized users have no physical access to your computer. If Bluetooth is used, it should be secured properly.

Bluetooth is particularly susceptible to a diverse set of security vulnerabilities involving identity detection, location tracking, denial of service, unintended control and access of data and voice channels, and unauthorized device and data access. The Center for Internet Security recommends disabling Bluetooth when it is connectable but not in use.

To help you better secure your corporate macOS endpoints, we’ve created an Automox Worklet that allows you to evaluate the Bluetooth status and disable it, if necessary.

Automox Worklet: To check for Bluetooth status and disable on macOS

This Automox Worklet is designed to disable Bluetooth on your corporate macOS endpoints if Bluetooth is enabled and connectable, but no peripheral or device is connected. To deploy this endpoint hardening Worklet, do the following:

    1. Log in to your Automox Console.
    2. Navigate to the System Management page and click Create Policy in the upper right-hand section of the screen.
    3. Choose macOS under Worklet.
    4. Copy and paste the Evaluation and Remediation code scripts from below. The evaluation code keeps you apprised of each device’s ongoing compliance, as well as flags the device for remediation. The remediation code enforces this setting on the schedule you define.
    5. Change the values as described in the code so that they match your needs.

Evaluation:

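#!/bin/bash

# Capture system_profiler's stderr in a private temp file instead of a fixed, predictable /tmp path.
errlog=$(mktemp /tmp/bt_eval.XXXXXX)
trap 'rm -f "$errlog"' EXIT

# The "Connectable" line from the Bluetooth section, with whitespace removed.
brt=$(system_profiler SPBluetoothDataType 2>"$errlog" | grep "Bluetooth:" -A 20 | grep Connectable | tr -d "[:space:]")
brtmatch="Connectable:"

# Succeeds only if the ControllerPowerState key can be read; the if below tests its exit status.
defaults read /Library/Preferences/com.apple.Bluetooth ControllerPowerState > /dev/null
if [[ $? -eq 0 && "$brt" == *"$brtmatch"* && $(wc -l < "$errlog") -eq 0 ]]; then
       # Exit 1 flags the device for remediation.
       exit 1
else
       # Exit 0 reports the device as compliant.
       exit 0
fi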

Remediation:

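#!/bin/bash

# Set the Bluetooth controller power state to off.
sudo defaults write /Library/Preferences/com.apple.Bluetooth ControllerPowerState -int 0

# Restart the Bluetooth daemon so the new power state is applied.
killall -9 "bluetoothd"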

    6. Click Create Worklet.
    7. Assign Worklet to a group or multiple groups and click Save Changes.
    8. Execute the Worklet by clicking the Execute Policy Now button.

You can assign this Worklet to all of your macOS groups and execute the policy. You can also set the Worklet to run on a schedule like any other Worklet.

IMPORTANT NOTE: This Worklet has the ability to disable Bluetooth on multiple devices at once. It is highly advised by Automox to test this Worklet in a controlled environment before deploying it to production devices.
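
The Worklet description above targets endpoints where Bluetooth is enabled and connectable but no device is connected. The following is an added example, not Automox's code, that expresses that decision as a function and checks it against constructed reports before any fleet-wide rollout. The function names, the sample reports, and the per-device `Connected:` field are assumptions; the page's script only reads `Connectable`.

```shell
#!/bin/bash
# Added example, not Automox's code. Decides whether remediation should run
# from the ControllerPowerState value ($1) and a Bluetooth report on stdin.
# Assumption: the report carries "Connectable: Yes|No" for the controller and
# "Connected: Yes|No" for each paired device.

# Returns 0 (true) when Bluetooth is on, connectable, and no device is connected.
bt_needs_remediation() {
    # Anything other than 1 (off, or key unreadable) means nothing to disable.
    [ "$1" = "1" ] || return 1
    awk '
        $1 == "Connectable:"              { connectable = ($2 == "Yes") }
        $1 == "Connected:" && $2 == "Yes" { in_use = 1 }
        END { exit !(connectable && !in_use) }
    '
}

# Maps the decision to the exit code used by the evaluation script above:
# 1 flags the device for remediation, 0 leaves it alone.
evaluation_exit_code() {
    if bt_needs_remediation "$1"; then echo 1; else echo 0; fi
}

# Constructed sample reports (not captured from a real host).
SAMPLE_IDLE='Bluetooth:
      Hardware, Features, and Settings:
          Connectable: Yes
      Devices (Paired, Configured, etc.):
          Example Mouse:
              Connected: No'

SAMPLE_IN_USE='Bluetooth:
      Hardware, Features, and Settings:
          Connectable: Yes
      Devices (Paired, Configured, etc.):
          Example Keyboard:
              Connected: Yes'

# On a managed Mac the inputs would come from the same commands the page uses:
#   state=$(defaults read /Library/Preferences/com.apple.Bluetooth ControllerPowerState 2>/dev/null)
#   system_profiler SPBluetoothDataType 2>/dev/null | evaluation_exit_code "$state"
```

Unlike the evaluation script, this version leaves Bluetooth alone while a keyboard, mouse, or headset is actively connected, so a scheduled run does not cut off a peripheral in use.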

If you have any questions, please contact our support team for technical assistance at support@automox.com.

To see this Worklet in action, check out the demo in our October Patch Tuesday webinar.
