Ripple20 Threatens Increasingly Connected Medical Devices
JSOF security researchers disclosed a series of vulnerabilities affecting connected devices in the enterprise, industrial, and healthcare industries earlier this month. Experts have expressed concern over the implications for connected medical devices, which could potentially offer attackers a gateway into hospital networks or allow them to affect patient care and safety. The IoT vulnerabilities, called Ripple20, could put hospital networks, medical data, and patient safety at risk.
Ripple20 lies in low-level TCP/IP software that is built by the company Treck. Due to the fact that most IoT device manufacturers build the library directly onto devices or integrate it through third-party components, many organizations may not know they’re exposed until it’s too late. The vulnerabilities found by JSOF range from minor bugs to major flaws that could enable DDoS or information disclosure, while two could leade to remote code execution.