The biggest security threat when mobilizing SAP applications is the risk of an employee losing the device and exposing the organization to possible customer data breaches, according to interviews with analysts. The good news is that, currently, mobile applications present fewer SAP security concerns than PCs do. Because there are so many different operating systems out there, targeting a huge base of users with a virus is difficult.
LAS VEGAS — For many enterprises, SAP's (NYSE: SAP) software is mission-critical. But according to Mariano Nunez Di Croce, a security researcher from Argentinean research vendor Onapsis, SAP software is at risk even when users properly follow all of the company's security guidelines. In a talk here at the Black Hat security conference, Di Croce argued that SAP deployments could be at risk from back doors, a technique used by hackers to secure future access to a system while remaining undetected.
Black Hat Europe researcher demonstrates techniques for inserting 'backdoors' into popular enterprise resource planning apps that aren't properly secured. Backdoor Trojans and rootkits that let attackers gain a foothold and remain entrenched in a compromised system aren't just for Windows PCs anymore -- SAP and other enterprise resource planning (ERP) applications are also susceptible to this form of attack
The Black Hat security conference will kick off next week in Barcelona, with training sessions and briefings from some of the most talented security researchers in the industry. Facebook's chief security officer, Max Kelly, is scheduled for a keynote presentation on Wednesday morning following two days of training sessions. The last two days of the conference will focus on briefings featuring research into a variety of threats on the Internet and application vulnerabilities.
The vulnerability could leave SAP's customers open to sabotage, espionage and fraud through so-called backdoor attacks, said Mariano NuÑez Di Croce, director of research and development with computer security firm Onapsis.