
Amazon Sidewalk Hopes to Connect Every Smart Device in the World – should we be worried?

Amazon has now implemented its controversial ‘Sidewalk’ initiative, an experimental service that will automatically turn every Echo speaker, Ring camera and other Amazon device into a shared wireless network.

According to Amazon, Sidewalk offers “a new way to stay connected.”

How does Sidewalk Work?

Amazon’s connectivity comes from sharing a small slice of internet bandwidth with nearby neighbours who don’t have a connection (and vice versa), creating city-wide ‘mesh networks’ that help keep Amazon devices connected at all times, even when home Wi-Fi is unavailable.

To do this, Amazon uses Bluetooth and unused slices of the wireless spectrum, with Ring cameras and Echo speakers acting as bridges (referred to as Sidewalk Bridges) to keep everything connected. This could give an extended range of up to half a mile, depending on the setup.

Sidewalk is free to use for Amazon customers once they have bought the hardware, and customers will have the option to remove their devices from the network. However, many industry experts have voiced concerns over potential cybersecurity issues.

Is there a risk?

Alan Grau, VP of IoT and Embedded Solutions at Sectigo, warns:
“According to Amazon, Sidewalk was designed with various precautions to prevent abuse. The system design includes data protection and privacy measures such as PKI for authentication, multiple levels of encryption, randomised IDs, and data minimisation to avoid impacting network performance.

“While this theoretically provides a solid foundation for security, anytime data travels across a foreign network, risk is introduced. With Sidewalk, data will be travelling freely across neighbours’ networks. While most individuals won’t inspect this data, it opens the door for abuse.”

Sidewalk claims to utilise PKI to enable device authentication and secure network communication. However, they are using multiple Certificate Authorities (CAs), and provide little information on how the PKI is implemented. One concerning excerpt from the Sidewalk whitepaper says “a Sidewalk CA issues the Sidewalk Network Server certificate, while the Application Server can be a self-signed certificate or a certificate signed by Sidewalk CA.”

“Amazon does not provide full details on when a self-signed certificate can be used or how that is integrated into the overall architecture of the solution. Usage of self-signed certificates fails to meet PKI best practices and raises concerns about the integrity of the overall system.

“Without a detailed security audit, it is impossible to determine what risks this raises, but it raises concern over the potential for abuse. If a bad actor creates a self-signed certificate for an application server, this could lead to a plethora of security risks.”
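To make the self-signed concern concrete, here is an added Go example (not code from Amazon, the Sidewalk whitepaper or the expert quoted above) showing how a verifier treats a CA-issued certificate versus a self-signed one carrying the same name. The helpers `issue` and `chainsTo` and the names "Example CA" and "app-server.example" are constructed for illustration and do not model Sidewalk's actual PKI.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// issue makes a throwaway certificate; a nil parent makes it self-signed (its own issuer).
func issue(cn string, serial int64, usage x509.KeyUsage, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: usage, BasicConstraintsValid: true, IsCA: usage&x509.KeyUsageCertSign != 0}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// chainsTo reports whether c validates against a trust store holding only anchor.
func chainsTo(c, anchor *x509.Certificate) bool {
	pool := x509.NewCertPool()
	pool.AddCert(anchor)
	_, err := c.Verify(x509.VerifyOptions{Roots: pool})
	return err == nil
}

func main() {
	ca, caKey := issue("Example CA", 1, x509.KeyUsageCertSign, nil, nil)
	issued, _ := issue("app-server.example", 2, x509.KeyUsageDigitalSignature, ca, caKey)
	selfSigned, _ := issue("app-server.example", 3, x509.KeyUsageDigitalSignature, nil, nil)
	fmt.Println(chainsTo(issued, ca), chainsTo(selfSigned, ca), chainsTo(selfSigned, selfSigned))
}
```

A verifier that only trusts the CA rejects the self-signed certificate; the only way to accept it is to pin that exact certificate, which is a trust decision made outside the PKI.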

How to turn off Sidewalk:

Users have the option to turn off Sidewalk on their device if they want to – while some will appreciate the additional coverage, those who share the experts’ concerns can disconnect from the network.

The guide on PCMAG.COM is pretty straightforward and advises:

1. Open the Alexa mobile app on your smartphone or tablet and go to More > Settings > Account Settings > Amazon Sidewalk (this does not work on desktop systems).
2. Click the toggle so it reads as “Disabled.”

Now you won’t have to worry about Sidewalk at all. Your networked items will work as they always have. (If you don’t see the Sidewalk option, your Amazon device likely isn’t compatible with Sidewalk.)