Watch your back for CAC hack attack: Army neither supports nor recognizes smartphone CAC readers

In this U.S. Army file photo, a Soldier uses a smartphone. Remember, the U.S. Army has not authorized any common access card readers for smartphones.

Courtesy of the Computer Crime Investigative Unit, U.S. Army Criminal Investigation Command

CAC Scan, a free application for Android devices, was recently released on Google Play. With it, users could scan the barcode on the front of Common Access Cards (CAC), which contain some personally identifiable information (PII) such as the name, social security number, rank, and DoD ID number of the CAC cardholder.

DO NOT download or use any application designed to read the barcode, magnetic strip, or integrated circuit chip on your CAC. The application could be sending your PII to people you do not want to have it!

Neither CAC Scan nor any other CAC reader application available for download via an app store is sponsored or endorsed by the Department of the Army.

General Tips about Mobile Apps:

  • Before downloading, installing or using any application, take a moment to review the “About the Developer” section. This gives you information about other apps the developer has published. If available, visit the developer’s website and assess its content for things like history, professional appearance, etc.
  • Apps that purport to allow access to military or government sites should only be installed if they are official apps and downloaded through official channels.
  • Perusing user ratings and reviews gives you a sense of the veracity of the application’s claims. Inarguably, no app is completely perfect for all users, but complaints about security concerns should quickly stand out from other relatively benign issues.
  • If you’re unsure and inadvertently download an app, inspect your device’s application permissions screen to determine what other applications or information will be accessed by the app. A video game, for example, is unlikely to have a legitimate need to access your contacts.

To learn more, visit the Department of Defense’s site on Common Access Card security at www.cac.mil/common-access-card/cac-security, the Federal Communications Commission site on smartphone security at www.fcc.gov/smartphone-security, the Computer Crime Investigative Unit’s page on pay apps at www.cid.army.mil/assets/docs/2can/2CAN%200029-13-CID361MyPay.pdf, or the Computer Crime Investigative Unit’s page on apps that can compromise your Thrift Savings Plan at www.cid.army.mil/assets/docs/2can/2CAN%200013-13.pdf.

For more helpful tips from the Computer Crime Investigative Unit, visit www.cid.army.mil/cciuarchive.html.
