This study addresses the fragmentation of security, privacy, accessibility, and usability (SPAU) in IoT applications for older adults. Through a systematic review of 44 empirical studies published between 2004 and 2024, we propose the first integrated SPAU-IoT framework—comprising 27 interoperable criteria—and an age-informed threat model that explicitly incorporates cognitive and sensory decline. Our methodology comprises five-stage literature screening, framework-based assessment, compliance analysis against ADA and WCAG standards, and multidimensional threat modeling. Results reveal that over 70% of studies prioritize authentication and encryption, yet fewer than 50% address accessibility or usability. Critically, we identify systemic misalignment among SPAU dimensions—an insight previously unreported. The work delivers actionable design guidelines and establishes foundational theoretical and practical support for standardizing elderly-friendly IoT systems. (149 words)

The Internet of Things (IoT) has the potential to enhance older adults' independence and quality of life, but it also exposes them to security, privacy, accessibility, and usability (SPAU) risks. We conducted a systematic review of 44 peer-reviewed studies published between 2004 and 2024 using a five-phase screening pipeline. From each study, we extracted data on study design, IoT type, SPAU measures, and identified research gaps. We introduce the SPAU-IoT Framework, which comprises 27 criteria across four dimensions: security (e.g., resilience to cyber threats, secure authentication, encrypted communication, secure-by-default settings, and guardianship features), privacy (e.g., data minimization, explicit consent, and privacy-preserving analytics), accessibility (e.g., compliance with ADA/WCAG standards and assistive-technology compatibility), and usability (e.g., guided interaction, integrated assistance, and progressive learning). Applying this framework revealed that more than 70% of studies implemented authentication and encryption mechanisms, whereas fewer than 50% addressed accessibility or usability concerns. We further developed a threat model that maps IoT assets, networks, and backend servers to exploit vectors such as phishing, caregiver exploitation, and weak-password attacks, explicitly accounting for age-related vulnerabilities including cognitive decline and sensory impairment. Our results expose a systemic lack of integrated SPAU approaches in existing IoT research and translate these gaps into actionable, standards-aligned design guidelines for IoT systems designed for older adults.