Ahmed, Shiraz, Ghanem, Mohamed Chahine and Dey, Maitreyee (2025) Security compliance of IoT devices with the UK PSTI Act: a comparative analysis. In: IEEE CH-2025 IEEE International Conference on Cyber Humanities, September 8-10, 2025, Florence, Italy. (In Press)
The rapid proliferation of Internet of Things (IoT) devices has intensified security concerns, prompting legislative measures such as the UK’s Product Security and Telecommunications Infrastructure (PSTI) Act 2022. This paper delivers a comparative compliance assessment of two consumer-grade IoT cameras, namely the TP-Link TAPO C310 and the TMEZON Bell 24S, within the enforcement scope of the PSTI Act 2022. Employing a structured, tool-assisted methodology, we scrutinise manufacturer disclosures, firmware integrity and network behaviour, leveraging industrial tools and testing methodology. Our findings reveal that both devices achieve partial to full compliance across disclosure requirements, yet exhibit contrasting security characteristics in practice. The TAPO C310 satisfies documentation criteria but reveals vulnerabilities, including exposed ports, self-signed certificates and outdated encryption algorithms. By contrast, the Bell 24S demonstrates robust network defences and up-to-date cryptographic measures, albeit with limited transparency concerning firmware patch management. These results underscore that statutory declarations alone are insufficient: comprehensive technical validation is indispensable. We propose targeted recommendations to bridge the gap between paper-based compliance and operational security, advocating for mandatory technical audits and enhanced manufacturer transparency. Our study confirms that systematic, tool-driven testing is essential to verify IoT device adherence to the PSTI Act 2022 and to ensure the resilience of consumer-grade products against evolving cyber threats.
Available under License Creative Commons Attribution 4.0.