Sarcouncil Journal of Engineering and Computer Sciences

Abstract: Internet of Things (IoT) has seen itself proliferating across industries and households rapidly. Its broad expansion has introduced severe present complex security risks to current safeguard. The IoT ecosystem has so much promise, but it also remains riddled with vulnerabilities, compliance inconsistencies and there is limited accountability from device manufacturers. This research investigates these three critical dimensions, that is technical weaknesses, regulatory gaps, and manufacturer responsibility, using a combined methodology of vulnerability analysis, policy review, and manufacturer case studies. This study details persistent device-level vulnerabilities, like hardcoded credentials and insecure communication protocols as well as delayed or absent firmware updates. While standards like GDPR and ETSI EN 303 645 exist, their implementation is found to be inconsistent, with many manufacturers only partially adhering to security recommendations. It exposes how compliance efforts are typically narrowed in their end-user data protection practices, overlooking the larger architectural risks with integrated IoT systems. This research further reveals how manufacturer obligations are often described as post-market obligations such as patching after incidents rather than proactive design mandates. This reactive orientation results in the delay of timely interventions and promotes a security posture which is outsourced to consumers and regulators rather than embedded right at the point of production. Through a synthesis of these technical, regulatory, and organizational shortcomings, the research offers a holistic understanding of why IoT security remains elusive despite ongoing efforts and recommends a Secure IoT Governance Model (SIGM) as a path forward.