New app poses security risk for all military employees and contractors Published May 31, 2016 By Airman 1st Class Dennis Hoffman 21st Space Wing Public Affairs PETERSON AIR FORCE BASE, Colo. - -- The Air Force Operations Security support team was advised of a new and threatening Google Play phone application called CAC Scan on May 19, 2016.“CAC Scan has the power to scan the barcode on the front of a common access card to get the cardholder’s name, rank, social security number and your electronic data interchange personal identifier information,” according to the Google Play app description. Quick response code scanners and barcode scanners are commonly found in the online app store environments, but what makes this App unlike others is that it specifically targets and reads military CACs. There are very limited scenarios in which anyone would need to access the info on the CAC, said Master Sgt. Darren Snider, 21st Space Wing Space Control Plans and Programs flight chief.“If anybody is going to be scanning your military ID, it will either be scanned at the gate on base, or it’s going to be used for medical purposes,” said Snider. “That is the only legitimate use for scanning common access cards that I see. This is a vulnerability that we need to get the word out about.” While the legality of the CAC Scan app is questionable, Air Force Instruction 36-3026 states the rules in regards to photographing, reproducing and or unauthorized possession of ID cards. “Title 18, U.S.C., Section 701 prohibits photographing, reproducing, or possessing Uniformed Services ID cards in an unauthorized manner under penalty of fine, imprisonment or both,” according to AFI 36-3026. “Unauthorized use would exist if the bearer uses the card in a manner that would enable the bearer to obtain benefits and privileges to which he or she is not entitled.”Since the creation of smartphones, OPSEC has been on their toes combating security threats and vulnerabilities by apps like CAC Scan, said Victor Duckarmenn, 21st Space Wing Program Management Division quality assurance manager.“The idea of a CAC reader app is not new,” said Duckarmenn. “The biggest problem is the proliferation of these reader apps and the availability to acquire them with smartphone technology.” As military service members and Department of Defense contractors, there is a shared responsibility in having positive control over and guarding our personal information at all times. Pass and ID, located in the mission support building, freely hand out card covers for military CACs and other cards possessing radio-frequency identification, said Duckarmenn. These covers block signals from potential threats that compromise personal information.With the ever-changing threats to our personal safety and information, Team Pete members need to remain vigilant with a heightened situational awareness in all avenues in which those who wish to exploit information could cause harm.