View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
August 11, 2014

Payments data in SAP vulnerable to hacker attacks

Security company’s founder reveals manipulation of business processes.

By Vinod

Stored payment card data in SAP systems is vulnerable to attacks from hackers, according to SAP security products company ESNC’s founder, Ertunga Arsal.

Speaking at the Black Hat conference in Las Vegas, Arsal demonstrated the ease with which hackers can steal card data and reroute payments, reports SC Magazine.

He demonstrated a tool to launch a remote shell on a SAP system, through which he was able to gain admin user access, and ultimately access to vendor payment histories and bank accounts. Rerouting payments without leaving a trace was also showcased.

Arsal said that although it will take a long time to detect if there are no proper security measures in place, improved auditing and more automation would go a long way to mitigate the problem.

This poses a big challenge for SAP as its applications build the business backbone of some of the largest organisations in the world.

As technology makes rapid advances, a host of severe security threats are emerging. This year’s Black Hat information security conference in Las Vegas brought attention such threats, ranging from how any USB device could be hacked and creating fake websites, to the discovery that Russian hackers had stolen 1.2 billion logins and that 2 billion smartphones were vulnerable to hijacking.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.