Bluetooth is a short-range, low-power wireless technology commonly integrated into portable computing and communication devices and peripherals. Bluetooth is best used in a secure environment where unauthorized users have no physical access near the Mac. If Bluetooth is used, it should be secured properly.

Bluetooth is particularly susceptible to a diverse set of security vulnerabilities involving identity detection, location tracking, denial of service, unintended control and access of data and voice channels, and unauthorized device control and data access. It is recommended by the Center of Internet Security to disable bluetooth when connectable but not is use.

This Worklet is designed to disable bluetooth if the following criteria is met on end endpoint:

1. Bluetooth is enabled and connectable



2. No Peripheral are connected

Evaluation:

#!/bin/bash


  


brt=$(system_profiler SPBluetoothDataType 2>/tmp/log.txt | grep "Bluetooth:" -A 20 | grep Connectable | tr -d "[:space:]")


brtmatch="Connectable:"


brtvalue='$brt'





         defaults read /Library/Preferences/com.apple.Bluetooth ControllerPowerState > /dev/null








if [[ $? -eq 0 && "$brt" == *"$brtmatch"* && $( cat /tmp/log.txt | wc -l ) -eq 0 ]]; then





        exit 1


else


        exit 0


fi

Remediation:

#!/bin/bash





sudo defaults write /Library/Preferences/com.apple.Bluetooth ControllerPowerState -int 0





killall -9 "bluetoothd"

Your MacOS endpoints that have bluetooth on and connectable with no connected peripherals will be disabled increasing the endpoints security hardening!

As always, let me know if you have any question.