Remove Incoming Bluetooth Serial Port

When I run a System Report in OSX, under Bluetooth it lists an incoming serial port. I'm aware that this serial port is for sending/receiving raw data via a terminal, but I have no idea what service or app installed it. Given that it is an incoming port and it does not require authentication, this leaves me a little worried that it might be a security risk, a way that someone could connect to my Mac and execute commands.


Incoming Serial Ports:
    Bluetooth-Incoming-Port:
        RFCOMM Channel: 3
        Requires Authentication: No


I could just be paranoid, but I'd rather be safe and remove the serial port. I'm running Sierra, and it seems that you can't remove serial ports the way you used to through Sys Pref / Networking.


My question is, what is the correct way to remove or disable this serial port?


Can I simply delete /dev/tty.Bluetooth-Incoming-Port, or is this needed by the system to create new serial ports in the future for legit purposes?


I've checked 2 Macs and they both have the same incoming Port/Channel listed, so I'm not sure if this is a system serial connection, or if it has been installed by something common like hotspotting from your mobile phone?


Cheers all 🙂

MacBook Air, iOS 10.1.1

Posted on Jan 9, 2017 3:54 AM

13 replies
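A local check for the situation described in the post above, added here as an example and not part of the original thread: it reads the Bluetooth section of the System Report (`system_profiler SPBluetoothDataType`) and lists incoming serial ports whose "Requires Authentication" field is "No". The function names and the sample report are constructed for the example, and the indented key/value layout of the report is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): list Bluetooth incoming serial ports
# from System Report text and flag those that accept unauthenticated connections.

# Constructed sample, modelled on the fields quoted in the post; the
# "Example-..." port names are made up for the example.
sample_report() {
    cat <<'EOF'
Bluetooth:

      Incoming Serial Ports:
          Bluetooth-Incoming-Port:
              RFCOMM Channel: 3
              Requires Authentication: No
          Example-Authenticated-Port:
              RFCOMM Channel: 5
              Requires Authentication: Yes
      Outgoing Serial Ports:
          Example-Outgoing-Port:
              RFCOMM Channel: 1
              Requires Authentication: No
EOF
}

# Print "name<TAB>channel<TAB>auth" for each port under "Incoming Serial Ports:".
# Assumes an indented key/value layout (an assumption about the report format).
list_incoming_ports() {
    awk '
    function flush() {
        if (name != "") print name "\t" chan "\t" auth
        name = ""
    }
    /^[ \t\r]*$/ { next }
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        ind = length($0) - length(line)      # depth = leading whitespace
        sub(/[ \t\r]+$/, "", line)
        if (line == "Incoming Serial Ports:") { flush(); in_sec = 1; sec_ind = ind; next }
        if (in_sec && ind <= sec_ind) { flush(); in_sec = 0 }   # left the section
        if (!in_sec) next
        if (line ~ /:$/) { flush(); name = substr(line, 1, length(line) - 1); chan = auth = "?"; next }
        p = index(line, ": ")
        if (p == 0) next
        key = substr(line, 1, p - 1); val = substr(line, p + 2)
        if (key == "RFCOMM Channel") chan = val
        if (key == "Requires Authentication") auth = val
    }
    END { flush() }'
}

# Print only the incoming ports that do not require authentication.
unauthenticated_ports() {
    list_incoming_ports | awk -F '\t' '$3 == "No" { print $1 " (RFCOMM channel " $2 ")" }'
}

# Use the live report on a Mac; fall back to the constructed sample elsewhere.
if command -v system_profiler >/dev/null 2>&1; then
    system_profiler SPBluetoothDataType 2>/dev/null | unauthenticated_ports
else
    sample_report | unauthenticated_ports
fi
```

Outgoing ports are deliberately ignored, since only the incoming port is the listener the post asks about.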

Jan 18, 2017 6:56 AM in response to PoeticKinetics

Thanks.


I can't get too excited about the ability of those apps to accomplish very much, since all they do is discover and communicate with available BTLE devices in much the same way as a Wi-Fi enabled device might be capable of. That communication is limited to the services granted by the host device. In terms of device security, they can be used to discover BT devices within range, but that's all. The host device (macOS in this case) passes connection requests according to its configuration. If its user (you in this case) were to permit that connection and establish a service, that enables the two-way communications that make BT useful.


Securing macOS as well as all other information on your Mac depends upon additional protections separate from those already incorporated in the BTLE specification. You can, for example, use Bluetooth to send and receive files to and from other Bluetooth devices, but you must first establish a trusted connection between your Mac and that device. Each of its users must agree to that connection before it can occur, and before any meaningful data transfer can take place.


For these apps to be able to connect to the laptop without having even previously paired with it seems like it could be a security risk to me.


Yes, it could be, but the devices have to be found before they can be paired. The only way to prevent that is to turn BT "off"... and you can certainly do that on the MBA.


Although the nature of wireless devices makes them inherently less secure than devices that would otherwise exist in total isolation — able to connect to one another only with physical cables — device security has been a fundamental aspect of the Mac's operating system since its inception. I certainly would not be any more concerned about BT's ability to "discover" your MacBook Air than any other means of determining its existence for the purpose of exploiting its vulnerabilities... and there are far easier ways of doing that.


The full BT specification is here: Core Version 5.0

Jan 16, 2017 11:00 PM in response to PoeticKinetics

Thank you. My concern arose since I used a couple of iOS apps, TPSerialMon and LightBlue Explorer, which were able to easily connect to my Mac Air, without Bluetooth being in discovery mode and without prompting to enter a pin code or displaying any warning on the laptop, other than the BT icon in the menu extra bar changing to connected. It only connects temporarily, and you are able to scan the list of services available on the laptop. TPSerialMon looks like it can even send data to the device/laptop. I'm concerned that an app or BLE device could connect to my laptop in a similar manner to issue commands without me being able to prevent it?


I'm prob just being paranoid, but I would like to lock my system down from any vulnerable aspects.

Jan 21, 2017 12:34 PM in response to PoeticKinetics

Hi John,


Thank you so much for your detailed reply, I appreciate it 🙂


That all makes sense to me. So even though the phone/app can connect and pair with the laptop without a pincode or prompt, it is only paired temporarily in a restricted operational mode which allows for service discovery only, with no potential additional communication(?)


I would have initially thought that the app could initiate a scan of the publicly listed services of a device just by scanning it rather than actually connecting to it? Kind of like with Wifi you can scan and see a public or BSSID of a router and probably other IP/Port Scans without having to actually know the PWD for the Wifi network and also without actually connecting to the network at all? Or is it that a form of connection is actually made to the router directly, but that nothing comes up in the Wifi menu as a connected network?


I was under the impression that discovery mode is activated either by clicking on the BT icon in the menu extra bar to display the menu, or alternatively opening Sys Pref / Bluetooth.

However, TPSerialMon can discover and connect to a device which is not operating in 'discovery mode' at all.

It would be nice to be able to disable device discovery of Bluetooth in OSX, while still keeping BT enabled for existing paired devices. Or does the BT spec stipulate that devices need to be in a constant connectible / discovery mode?



Thanks again for your input, you're a great contributor to this forum.


~ Gethen

Jan 21, 2017 12:50 PM in response to PoeticKinetics

Also would you have any idea what these manufacturer specified custom services are?

I can't seem to find any reference to them online. As they are custom UUIDs, they aren't listed in the BT Services / Characteristics lists.
https://www.bluetooth.com/specifications/gatt/services
https://www.bluetooth.com/specifications/gatt/characteristics


Service 1:

9FA480E0-4967-4542-9390-D343DC5D04AE

AF0BADB1-5B99-43CD-917A-A77BC549E3CC

Write / Notify


Service 2:

D0611E78-BBB4-4591-A5F8-487910AE4366

8667556C-9A37-4C91-84ED-54EE27D90049

Write / Notify


My discovery apps don't give me any useful service descriptions 😟

Jan 23, 2017 10:19 AM in response to PoeticKinetics

It's not possible to determine exactly what those services are. Given the broad capabilities of BT services though I don't think it really matters. I understand you are concerned about breaching its security protocols to exploit BT-enabled devices in general, and a Mac in particular.


I'm still using that app to determine the extent to which I can potentially use BT to exploit Macs as well as other devices, and I admit I haven't had much time to do that.

Apr 10, 2017 7:56 PM in response to PoeticKinetics

Pairing is a legacy concept dating back to before Bluetooth 4.0 and Bluetooth Low Energy (BLE). It is fundamental to the BLE specification to be able to connect to other BLE devices without having to formally pair. The concept of 'pairing' is replaced with 'connecting'. Bluetooth 5.0 expands this further to the point that two devices can communicate with each other without even needing a connection. Pairing is only required in specific circumstances. Most of the functionality for two-way communication will be enabled without requiring a legacy pairing. This is baked into the Bluetooth standard.


An ill-formed BLE device has no hope of retrieving important data from your computer, as your computer does not expose Bluetooth services for access to sensitive information. You would have to be a Bluetooth developer, and design & implement a BLE GATT Server that contained those services, then run that GATT Server on your machine to voluntarily expose access to sensitive information for consumption by physically nearby BLE client peripherals. Outside of this scenario I don't understand your security concern?
