Worklet: Disabling Bluetooth on macOS Endpoints If No Devices or Peripherals Are Connected

Bluetooth is a short-range, low-power wireless technology commonly integrated into portable computing and communication devices and peripherals. It is best used in a secure environment where unauthorized users have no physical access near the Mac. If Bluetooth is used, it should be secured properly.

Bluetooth is susceptible to a diverse set of security weaknesses involving identity detection, location tracking, denial of service, unintended control of and access to data and voice channels, and unauthorized device control and data access. The Center for Internet Security (CIS) recommends disabling Bluetooth when it is connectable but not in use.

This Worklet is designed to disable Bluetooth if both of the following criteria are met on an endpoint:

  1. Bluetooth is powered on and connectable
  2. No peripherals are connected

Evaluation:

#!/bin/bash

# Capture the Bluetooth report once. Errors are discarded instead of being
# written to a world-writable path such as /tmp/log.txt.
report=$(system_profiler SPBluetoothDataType 2>/dev/null)

# No report means no Bluetooth hardware: nothing to disable, treat as compliant.
[[ -z "$report" ]] && exit 0

# The controller section reports "Connectable: Yes" (pre-macOS 11 output format).
# Whitespace is stripped so the comparison is exact; matching only on the
# "Connectable:" label would also match "Connectable: No".
connectable=$(printf '%s\n' "$report" | grep -A 20 "Bluetooth:" | grep "Connectable:" | tr -d "[:space:]")

# Each connected peripheral lists "Connected: Yes" in the Devices section.
connected=$(printf '%s\n' "$report" | grep -c "Connected: Yes")

# ControllerPowerState is 1 when the controller is powered on; checking the
# value (not just that the key exists) is what tests "enabled".
power=$(defaults read /Library/Preferences/com.apple.Bluetooth ControllerPowerState 2>/dev/null)

# Exit 1 (non-compliant, run the remediation) only when Bluetooth is on,
# connectable, and no peripheral is currently connected.
if [[ "$power" == "1" && "$connectable" == "Connectable:Yes" && "$connected" -eq 0 ]]; then
        exit 1
else
        exit 0
fi
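The same decision, factored into a function that takes the system_profiler text and the ControllerPowerState value as arguments and prints the exit code the evaluation should return, so the logic can be exercised offline against constructed reports before the worklet is rolled out. This is an added example and not part of the original worklet; the function name and the sample reports are assumptions made for the example, and the report layout follows the pre-macOS 11 "system_profiler SPBluetoothDataType" text format.

```shell
#!/bin/bash
# Added example (not the original worklet code). Prints the worklet evaluation
# exit code for a given report and power state: 1 = disable Bluetooth,
# 0 = leave it alone. Function name and sample reports are assumptions.

bt_evaluation_exit_code() {
    local report="$1"
    local power_state="$2"
    local connectable connected

    # "Connectable: Yes" sits in the controller block that follows "Bluetooth:";
    # whitespace is stripped so the comparison is exact.
    connectable=$(printf '%s\n' "$report" | grep -A 20 "Bluetooth:" | grep "Connectable:" | tr -d "[:space:]")

    # Each connected peripheral reports "Connected: Yes". grep -c prints 0 and
    # exits non-zero when nothing matches, so its status is masked.
    connected=$(printf '%s\n' "$report" | grep -c "Connected: Yes" || true)

    if [ "$power_state" = "1" ] && [ "$connectable" = "Connectable:Yes" ] && [ "$connected" -eq 0 ]; then
        echo 1
    else
        echo 0
    fi
}

# Constructed, abbreviated sample reports (not captured from a real Mac).
REPORT_NO_PERIPHERALS='Bluetooth:

      Apple Bluetooth Software Version: 7.0.3f5
      Hardware, Features, and Settings:
          Bluetooth Power: On
          Discoverable: Off
          Connectable: Yes
      Devices (Paired, Configured, etc.):
          Magic Mouse 2:
              Paired: Yes
              Connected: No'

REPORT_MOUSE_CONNECTED='Bluetooth:

      Apple Bluetooth Software Version: 7.0.3f5
      Hardware, Features, and Settings:
          Bluetooth Power: On
          Discoverable: Off
          Connectable: Yes
      Devices (Paired, Configured, etc.):
          Magic Mouse 2:
              Paired: Yes
              Connected: Yes'

REPORT_NOT_CONNECTABLE='Bluetooth:

      Hardware, Features, and Settings:
          Bluetooth Power: On
          Connectable: No'

# Walk the cases when run directly; each line shows the exit code the
# worklet evaluation would return for that report.
echo "powered on, connectable, nothing connected: $(bt_evaluation_exit_code "$REPORT_NO_PERIPHERALS" 1)"
echo "powered on, connectable, mouse connected:   $(bt_evaluation_exit_code "$REPORT_MOUSE_CONNECTED" 1)"
echo "controller already powered off:             $(bt_evaluation_exit_code "$REPORT_NO_PERIPHERALS" 0)"
echo "powered on but not connectable:             $(bt_evaluation_exit_code "$REPORT_NOT_CONNECTABLE" 1)"

# On a real endpoint the same function is wired straight to the exit status:
#   report=$(system_profiler SPBluetoothDataType 2>/dev/null)
#   power=$(defaults read /Library/Preferences/com.apple.Bluetooth ControllerPowerState 2>/dev/null)
#   exit "$(bt_evaluation_exit_code "$report" "$power")"
```

Only the first case yields 1; a connected peripheral, a controller that is already off, or a controller that is not connectable all leave the endpoint compliant, which is exactly the guard that keeps the remediation from cutting off someone's keyboard or mouse.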

Remediation:

#!/bin/bash

# Power the controller off by setting ControllerPowerState to 0. The worklet
# runs with root privileges, so sudo is not strictly required here.
sudo defaults write /Library/Preferences/com.apple.Bluetooth ControllerPowerState -int 0

# Restart the Bluetooth daemon so it picks up the new power state; launchd
# relaunches bluetoothd automatically after it is killed.
killall -9 "bluetoothd"

Bluetooth will be disabled on your macOS endpoints where it is powered on and connectable with no peripherals connected, improving the security hardening of those endpoints.

As always, let me know if you have any questions.