Hacking Fortune 2000th CEO’s mobile: Security of SAP Mobile Infrastructure

March 18, 2015 (at 2:30 p.m.) in Special Track: SAP Security

Have you ever thought about how to get access to the most influential data stored on a Fortune 2000 CEO's mobile phone and rule the world? Today, we are witnessing an unprecedented number of mobile devices being integrated into the core business processes of companies and actively used by top executives to manage them remotely. Another aspect is the level of access: even if mobile access for a typical middle-level employee is restricted or limited, CEOs can do everything! There are more and more business applications and an increasing number of mobile devices out there. The "mobilization" of enterprises also brings with it the evils associated with integration and security. You might have heard many talks about mobile security, but nothing significant has been said before about the SAP Mobile ecosystem. These systems access the most essential functions of a large enterprise, which in turn often deploys a plethora of business systems and a heterogeneous fleet of devices. Essentially, information needs to be transmitted quickly and safely. SAP's best-known software products are its enterprise resource planning, CRM and BW applications, which are deployed in almost all companies in the Forbes Global 2000 list. You already hear a lot about vulnerabilities in different SAP platforms, and the newly emerging scenario dictates that even their mobile infrastructure needs to be paid close attention. It consists of multiple systems such as SAP Mobile Platform (formerly Sybase Unwired Platform), the SAP Afaria MDM solution, the Sybase SQL Anywhere database and hundreds of SAP's mobile applications. They even have their own store for mobile apps that can be developed by third parties. This talk is an attempt to highlight how one can hack SAP Mobile.

Dmitry Chastuhin

Dmitry is Director of Security Consulting at ERPScan. He works on SAP security, particularly Web applications and the Java, HANA and Mobile solutions. He has official acknowledgements from SAP for the vulnerabilities he has found. Dmitry is also a Web 2.0 and social network security geek and bug bounty hunter who found several critical bugs in Google, Nokia and Badoo. He is a contributor to the EAS-SEC project. He has spoken at the following conferences: BlackHat, Hack in the Box, DeepSec, and BruCON.

Alexander Polyakov

Founder of ERPScan, President of the EAS-SEC.org project, accomplished R&D professional and Entrepreneur of the Year. He is an expert in security for business-critical software such as ERP, CRM, SRM and industry-specific solutions. He has received due recognition, having published over 100 vulnerabilities as well as multiple whitepapers, such as the annual award-winning "SAP Security in Figures", surveys and a book devoted to information security research in SAP and Oracle. He has presented at more than 50 conferences in 20+ countries on all continents and held training sessions for the CISOs of Fortune 2000 companies, including SAP SE.