According to Amazon, Sidewalk offers “a new way to stay connected.”
How does Sidewalk Work?
Amazon’s connectivity comes from sharing a small slice of internet bandwidth with nearby neighbours who don’t have a connection (and vice versa), creating city-wide ‘mesh networks’ that help keep Amazon devices connected at all times, even when home wifi is unavailable.
To do this, Amazon uses Bluetooth and unused slices of the wireless spectrum, with Ring cameras and Echo speakers acting as bridges (referred to as Sidewalk Bridges) to keep everything connected. This could give an extended range of up to half a mile, depending on the setup.
Sidewalk is free to use for Amazon customers, once they have bought the hardware – and customers will have the option to remove their devices from the network. However, many industry experts have voiced concerns over potential cybersecurity issues.
Is there a risk?
“While this theoretically provides a solid foundation for security, anytime data travels across a foreign network, risk is introduced. With Sidewalk, data will be travelling freely across neighbours’ networks. While most individuals won’t inspect this data, it opens the door for abuse.”
“Sidewalk claims to utilise PKI to enable device authentication and secure network communication. However, they are using multiple Certificate Authorities (CAs), and provide little information on how the PKI is implemented. One concerning excerpt from the Sidewalk whitepaper says ‘a Sidewalk CA issues the Sidewalk Network Server certificate, while the Application Server can be a self-signed certificate or a certificate signed by Sidewalk CA.’
“Amazon does not provide full details on when a self-signed certificate can be used or how that is integrated into the overall architecture of the solution. Usage of self-signed certificates fails to meet PKI best practices and raises concerns about the integrity of the overall system.
“Without a detailed security audit, it is impossible to determine what risks this raises, but it raises concern over the potential for abuse. If a bad actor creates a self-signed certificate for an application server, this could lead to a plethora of security risks.”
How to turn off Sidewalk:
The guide in PCMAG.COM is pretty straightforward and advises: