Amazon just announced a new product. It's called "Sidewalk," and it's designed to provide internet service to remote Amazon devices (think Echos, Ring cameras, security lights, etc) via your neighbor's Amazon devices, and in turn, their internet connection.
That's right. Amazon is making it possible for other people's devices to use YOUR internet connection for service, and they're not asking your permission. The feature is being turned on automatically on June 8th via a software update, regardless of if you want to participate or not.
Now, that can seem scary. Anytime a software company, a manufacturer, service provider, or whatever they may be, automatically opts all their customers into a new feature it's bound to turn some heads. Especially when it means the feature allows potentially unknown devices to access your home network via wifi without your approval, regardless of how safe the feature is claimed to be.
It's easy to bash something like Sidewalk on the surface, based on what we've said above. However, it's important to get into what features the service is intended to provide, how it works, and more importantly whether or not it's secure.
What is Amazon Sidewalk?
Amazon Sidewalk is a new wireless mesh service designed to share a fraction of your precious, precious Internet bandwidth with nearby, compatible Sidwwalk capable devices that are out of range or unable to connect to their home access point.
That means if your neighbor has Amazon powered wireless security lights, like ones manufactured by Ring, on their back yard shed and that shed is out of reach of their home wifi but is within range of one of your Amazon powered devices, it'll connect there instead and vice a versa.
How does Amazon Sidewalk Work?
Amazon Sidewalk uses Bluetooth, the 900 MHz spectrum, and other frequencies to extend coverage and provide the "benefit" mentioned above.
Amazon claims the amount of data being transferred from a Sidewalk device to the Sidewalk server is about 80kbps (when a request is made) and the total amount of data that can be transferred over a given month is capped at 500MB. In the grand scheme of things, yes, a strange device is using your internet connection but ultimately, not doing all that much.
Is Amazon Sidewalk Secure?
According to Amazon? Yes. Amazon claims both security and privacy are important aspects of the services provided by Sidewalk. As little metadata as possible is transferred between devices and servers. Network owners won't be able to see what neighboring devices are connected to their network and the same is true for other people in the area. Everything is designed to be seamless.
Amazon has put procedures in place to ensure the service is secure. They highlight the following in a whitepaper the company published late last month:
- Amazon designed Amazon Sidewalk with three layers of encryption to secure data traveling on Sidewalk.
- Amazon requires third-party applications to certify devices (endpoints) to ensure the same encryption standards and to prevent unauthorized access to the contents of packets.
- The routing information that Amazon does receive for operating the network components of Sidewalk is automatically cleared every 24 hours.
- Amazon designed Sidewalk to prevent customers with Sidewalk Gateways from viewing the data from other customers’ Sidewalk endpoints—and vice versa.
- Amazon uses one-way hashing keys, cryptographic algorithms, and rotating device IDs to dissociate data tied to customers.
- Amazon has set maximum upload limits and bandwidth caps to avoid latency impact for Sidewalk Gateway customers.
- Amazon provides a feature set for customers who own a Sidewalk Gateway to be able to choose to disable Amazon Sidewalk at any time.
Is Amazon Implementing Sidewalk Automatically the Right Thing to Do?
Amazon knows that if they implement Sidewalk as an opt-in service, it'll never take off. People just won't take the time to enable it, for whatever reason. Amazon is fully aware that Sidewalk would be dead on arrival.
By making Sidewalk an opt-out service, they gain critical mass almost instantly. The wireless mesh network that could otherwise take months, if not years to make, goes live as soon as the corresponding device has its latest software update installed.
Despite their security claims, we well know anything can happen in regards to a cyberattack and it might only be a matter of time before someone can exploit Amazon Sidewalk (or similar services) for some nefarious scheme. As a result, Security7 believes automatic opt-in services are hazardous and can potentially cause problems for end-users.
How do you Turn Amazon Sidewalk Off?
It's really easy. Here's what you have to do:
- Opening the Alexa app
- Opening More and selecting Settings
- Selecting Account Settings
- Selecting Amazon Sidewalk
- Turning Amazon Sidewalk Off
Ultimately, the decision is yours regarding you want to participate in Amazon's new Sidewalk service. We suggest you read through that whitepaper and make up your mind(s). That said, Security7 does not agree with Amazon's decision to make Sidewalk an opt-out service and we believe end-users should have a say, rather than just be forced into something potentially dangerous without their knowledge.
Like our blog? Subscribe using the CTA in the upper right-hand corner of this page. Feel like sharing your thoughts with us? Use the comment section below.