SAP users can get hacked if not careful
Thursday, 08 April 2010, 21:12 IST   |    63 Comments
Printer Print Email Email
SAP users can get hacked if not careful
Boston: A computer security expert has warned that companies using SAP AG's business management software could be vulnerable to stealth attacks by hackers if their systems are not properly configured. Many companies around the world use SAP's software and hence the problem is quite significant. The vulnerability could leave SAP's customers open to sabotage, espionage and fraud through so-called backdoor attacks, said Mariano NuNez Di Croce, Director of research and development with computer security firm Onapsis to Reuters. "In a typical default installation, anybody can connect to SAP database, modify standard programs and do whatever they want without detection," he said. However, SAP believes that if customers follow companies advice then they are safe from such attacks. "We believe that if customers follow our guidelines for security, the risk of illegitimate access through a backdoor can be excluded," said SAP spokesman Saswato Das. The software maker builds several layers of security into its programs. But NuNez Di Croce said that hackers can bypass those safeguards by manipulating those programs through an attached database whose security settings are not properly set. Once hackers gain access to an SAP system, they could install malicious programs to manipulate critical business processes or steal sensitive information, Nunez Di Croce said. Nunez Di Croce, whose company will release a free software tool to help companies protect against the threat, said he was not sure how frequently hackers had taken advantage of the vulnerability.

siliconindia