Security company’s founder reveals manipulation of business processes.
Stored payment card data in SAP systems is vulnerable to attacks from hackers, according to SAP security products company ESNC’s founder, Ertunga Arsal.
Speaking at the Black Hat conference in Las Vegas, Arsal demonstrated the ease with which hackers can steal card data and reroute payments, reports SC Magazine.
He demonstrated a tool to launch a remote shell on a SAP system, through which he was able to gain admin user access, and ultimately access to vendor payment histories and bank accounts. Rerouting payments without leaving a trace was also showcased.
Arsal said that although it will take a long time to detect if there are no proper security measures in place, improved auditing and more automation would go a long way to mitigate the problem.
This poses a big challenge for SAP as its applications build the business backbone of some of the largest organisations in the world.
As technology makes rapid advances, a host of severe security threats are emerging. This year’s Black Hat information security conference in Las Vegas brought attention such threats, ranging from how any USB device could be hacked and creating fake websites, to the discovery that Russian hackers had stolen 1.2 billion logins and that 2 billion smartphones were vulnerable to hijacking.