Security expert warns of way to attack SAP systems

A software security expert warned that flaws in the design of business management software from SAP AG can allow hackers to easily break into corporate computer systems via the Internet. Alexander Polyakov, chief technology officer of software security firm ERPScan, unveiled the vulnerabilities on Thursday at the Black Hat hacking conference in Las Vegas. He said the flaws affect systems that corporate workers use to access their software systems over the Internet. Polyakov was one of dozens of hacking experts to make presentations at the annual gathering, which is attended by security professionals who want to learn about the latest security vulnerabilities. He said in an interview that he can set up a query using Google Inc’s search engine that would identify systems that are vulnerable to attack. In some cases, he said, he could set up fictional accounts to access those systems, granting those users wide access to secret corporate data. He could also delete some valuable data by overwriting databases with “trash,” he said. Officials with SAP could not be reached for comment. Polyakov said that the software maker has told him it expects to release a program to fix the security vulnerability within about a week.