Anna Maria Mandalari (University College London), Volker Stocker (Weizenbaum Institute)

The EU’s Cyber Resilience Act (CRA) establishes mandatory cybersecurity requirements for products with digital elements, effectively acting as a security standard for the consumer Internet of Things (IoT). While standardization aims to reduce systemic vulnerabilities, security and privacy flaws in standardized requirements can be inherited at scale by widely deployed IoT products. In this paper, we analyze the CRA through the lens of standardized IoT security. We discuss implications for IoT standards and governance, stressing measurable security properties, automated evaluation, and supply-chain considerations. We argue that standardized IoT security cannot be treated as a purely procedural or compliance-driven exercise: regulatory ambiguity, limitations in conformity assessment scalability and harmonization, and gaps between formal compliance and real-world security outcomes risk turning standardization into a mechanism for scaling insecurity rather than mitigating it. Addressing these challenges requires sustained multidisciplinary research at the intersection of IoT standardization, security engineering, and governance, including systematic risk modeling approaches and the development of edge-centric threat models for local IoT environments.
