BlueBorne

PSA: Disabling Bluetooth via PowerShell in Response to BlueBorne

Please note that nearly all of the machines in our environment are on Windows 10 so this is written with that in mind.

With the recent news about BlueBorne:

It’s been an interesting day!

Since Bluetooth is generally enabled in our environment, one school of thought is to reduce the attack surface by disabling Bluetooth across the board, then re-enable where necessary as some users have Bluetooth keyboards, mice and other peripherals.

There were two approaches:

  • Disable it in the BIOS (more on that later)
  • Disable it in Device Manager

Since the latter was more universal, and I’ll explain my perspective on that, I slapped together something basic to disable Bluetooth devices on the system.  I haven’t tested it extensively but on all of my Lenovo ThinkPad laptops, it’s worked without issue.

Disable-Bluetoothv1


Function Disable-Bluetoothv1
    {
        foreach($BTDevice in $(Get-PnpDevice -FriendlyName '*bluetooth*' -Status OK -ErrorAction SilentlyContinue))
            {
                if(Get-PnpDevice -FriendlyName $BTDevice.FriendlyName -Status OK -ErrorAction SilentlyContinue)
                    {
                        try { Disable-PnpDevice -InstanceId $BTDevice.InstanceId -Verbose -Confirm:$false -WhatIf }
                        catch { Write-Output "ERROR DISABLING [$($BTDevice.FriendlyName)] @ [$($BTDevice.InstanceId)]:`r`n$_" }
                    }
            }
    }

Disable-Bluetoothv2


Function Disable-Bluetoothv2
    {
        foreach($BTDevice in $(gwmi -Class Win32_PnPEntity | ? { (($_.Caption -like '*bluetooth*') -or ($_.Description -like '*bluetooth*')) -and $_.Status -eq 'OK' }))
            {
                if(gwmi -Class Win32_Pnpentity -Filter "Caption='$($BTDevice.Caption)' AND Status='OK'")
                    {
                        try { Invoke-WmiMethod -InputObject $BTDevice -Name 'Disable' -Verbose -WhatIf }
                        catch { Write-Output "ERROR DISABLING [$($BTDevice.Caption)][$($BTDevice.Description)] @ [$($BTDevice.DeviceID)]:`r`n$_" }
                    }
            }
    }

Both work and I personally don’t have a preference.  It’s really just a tomato tomahtoe / potaytoh potato / six of one half dozen of another type situation.

Also, be sure to remove the -WhatIf parameter if you decide to use it!

So here’s what my Lenovo laptop looked like before:

BTBefore

And here’s what it looks like after:

BTAfter

Good Providence and be safe out there!

Advertisements