Information
By showing the Bluetooth status in the menu bar, a small Bluetooth icon is placed in the menu bar. This icon quickly shows the status of Bluetooth, and can allow the user to quickly turn Bluetooth on or off.
Rationale:
Enabling 'Show Bluetooth status in menu bar' is a security awareness method that helps the user understand the current state of Bluetooth, including whether it is enabled, discoverable, what paired devices exist, and what paired devices are currently active.
Impact:
Bluetooth is a useful wireless tool that has been widely exploited when configured improperly. The user should have insight into the Bluetooth status.
Solution
Profile Method:
Create or edit a configuration profile with the following information:
The PayloadType string is com.apple.controlcenter
The key to include is Bluetooth
The key must be set to <integer>18</integer>
Additional Information:
To verify individual users:
Audit:
Graphical Method:
Perform the following steps to ensure that Bluetooth status shows in the menu bar:
Open System Preferences
Select Dock & Menu Bar
Select Bluetooth
Verify that Show in Menu Bar is enabled
Terminal Method:
For each user, run the following command to verify that the Bluetooth status is enabled to show in the menu bar:
$ /usr/bin/sudo -u <username> /usr/bin/defaults -currentHost read com.apple.controlcenter.plist Bluetooth
18
Note: If the settings has not been changed from the default, then this audit will fail on the command line. Follow the remediation instructions to verify that it is set to a disabled status.
example:
$ /usr/bin/sudo -u firstuser /usr/bin/defaults -currentHost read com.apple.controlcenter.plist Bluetooth
18
Remediation:
Graphical Method:
Perform the following steps to enable Bluetooth status in the menu bar:
Open System Preferences
Select Dock & Menu Bar
Select Bluetooth
Set Show in Menu Bar to enabled
Terminal Method:
For each user, run the following command to enable Bluetooth status in the menu bar:
$ /usr/bin/sudo -u <username> /usr/bin/defaults -currentHost write com.apple.controlcenter.plist Bluetooth -int 18
example:
$ /usr/bin/sudo -u firstuser /usr/bin/defaults -currentHost write com.apple.controlcenter.plist Bluetooth -int 18