Palo Alto, CA - June 24, 2015 ERPScan hosted a webinar titled "SAP Mobile Security". Dmitry Chastuhin, Director of security consulting at ERPScan, described SMP architecture and showed several attack scenarios.
Have you ever thought how tempting it might be for hackers to get access to most influential data stored on a Fortune 2000 CEO's mobile phone and rule the world? Today, we are witnessing an unprecedented number of Mobile devices being integrated into the core business processes of organizations. These are actively being accessed by top level Executives to manage things remotely. Especially concerning is the level of access, even if mobile access for a typical middle-level employee is restricted or limited, CXOs can do everything! There are more and more business applications and an increasing number of mobile devices out there. The "mobilization" of enterprises has also opened unintentional doors to all the evil that comes along with integration and security. You might hear of many talks regarding mobile security but never has anything significant related to an SAP Mobile ecosystem been spoken before.
These systems access most essential functions of a large enterprise, which in turn often deploy plethora of business systems and heterogeneous fleet of devices. Essentially, Information needs to be transmitted quickly and safely. The SAP's best-known software products are its enterprise resource planning, CRM and BW applications that are deployed in almost all companies in the Forbes Global 2000 list. You already hear a lot about vulnerabilities in SAP's different platforms and now the new emerging scenario dictates that even their Mobile infrastructure needs to be paid a close attention to. This consists of multiple systems such as SAP Mobile Platform (Formerly Sybase Unwired Platform) also SAP Afaria MDM solution, Sybase SQL Anywhere Database and hundreds of SAP's mobile applications. They even have their own store for mobile apps that can be developed by third parties. The talk highlighted how SAP Mobile devices are vulnerable to hacking.
If you missed the webinar, you are welcome to visit Dmitry's presentation SAP Afaria. One SMS to Hack a Company at HITB GSEC on October 16, 2015.