Amazon is Sidewalking into Your Home

Everywhere and Beyond

Until June 8th, Amazon was in your family home via one of their many ‘smart devices’, such as the Amazon Echo family of products. Each Echo means Alexa is just waiting to answer your question, play your requested music, or remind you it’s time to get the kids from school or friends.

On June 8th Amazon took another step to spread their presence and influence into every part of your family’s lives, potentially allowing your home network to be used by Amazon devices not belonging to you.

If you live in the US, and have one of the following Amazon devices in your home, unless you explicitly opt out, they now form part of an extended network for use by Sidewalk-enabled devices

  • Amazon Echo (3rd Gen and above)
  • Amazon Dot (3rd Gent and above)
  • Amazon Dot for Kids (3rd Gen and above)
  • Amazon Dot with Clock (3rd Gen and above)
  • Amazon Echo Plus (1st Gen and above)
  • Amazon Echo Show (1st Gen and above)
  • Amazon Echo Show 5, 8 or 10
  • Amazon Echo Spot
  • Amazon Echo Studio
  • Amazon Echo Input
  • Ring Floodlight Cam
  • Ring Floodlight Cam Wired
  • Ring Spotlight Cam Mount
  • Ring Floodlight Cam Wired Pro

Big list isn’t it! Essentially, newer Amazon devices, post 2018 can be part of the Sidewalk network.

If you live in the UK, you probably got an email from Amazon last year saying Sidewalk would be coming to the UK, but it was a mistake by Amazon.

What is Amazon Sidewalk?

To get the information straight from the horse’s mouth, you can view the official Amazon Sidewalk information page here.

Essentially it uses Bluetooth (technically BLE – Bluetooth Low Energy) and radio frequencies previously reserved by the FCC for use by cordless phones to allow Sidewalk-enabled devices to connect to the Internet even if there isn’t Wi-Fi coverage in your home.

The idea is for devices some way from your house, say smart floodlights in your garden, or garage, where they may be beyond you home Wi-Fi range, to still be able to connect to the Internet without you having to extend your Wi-Fi.

Another usage situation is where your home internet connection goes down. In this instance, Sidewalk-Enabled devices would be able to connector to the Sidewalk network coming from your neighbor’s house. Their Amazon Echo devices will allow your devices to still be able to transmit data back to the Amazon Cloud services.

That sounds useful. BUT – It also means your neighbor’s, and anyone else’s Sidewalk-enabled devices, will be able to connect to the Internet via your home network connection if they want. To be honest, the Amazon-Sidewalk enabled device might connect whether they want to or not. Amazon decides.

And this is where the controversy, and the privacy concerns arise. Literally anyone on the sidewalk near your house could be in range of your home network, and so effectively using your personal internet connection. Similarly, you families data from Sidewalk-enabled devices could be transmitted back your Amazon account across someone else’s network. So in theory, data about your children could pass through a stranger’s network.

Now, to counter the scaremongering above, Amazon do state that the Sidewalk data is all encrypted, and the amount of data transmitted will use a maximum bandwidth of 80Kbps, and the amount of data used will be 500MB per month. And all this will only be for Sidewalk-enabled devices.

So you should not have to worry about someone pulling up outside your house and watching 4k Netflix movies while you try to work out why your Zoom call won’t connect, or your children start screaming their Minecraft or GTA Online gaming connections have gone down.

If you really want all the details, and have the time, there is a detailed Sidewalk Whitepaper published by Amazon.

Amazon have lots of smart people working for them, so all should be good and secure right?

Right?

Trust Everyone?

Remember the X-Files? Remember: “Trust No One”.

From a cyber security aspect, this is the no. 1 thought. In the modern technological world, data and security are king. Everyone wants data, and everyone wants security. With Sidewalk, Amazon are supposedly getting the first, and giving you the second.

But the history of technology is littered with once secure connections that have vulnerabilities and weaknesses that only come to light when “out in the real world”.

Turn the way back machine to 1999 and the first days of home Wi-Fi. Wired Equivalent Privacy (WEP) was the security standard used to encrypt your Wi-Fi network and so keep out digital trespassers. WEP was ratified as the Wi-Fi security in 1999. By 2001, researchers had discovered an exploitable weakness.

Tried and true Bluetooth is not immune from security flaws. Look up “Key Negotiation of Bluetooth attack” when you are bored on the internet one day. This is a vulnerability discovered as recently as 2019.

Even Microsoft Exchange, the foundation of a lot of email systems, has seen potentially 60,000 organizations exposed to Exchange vulnerabilities.

Also – SolarWinds anyone?

Sidewalk is new, and was released into the wild on June 8th. And the clever people at Amazon have decided for all you Echo paying customers that you and your family really should enable this new shared home network service model. You have been automatically opted-in.

Personally, it is this concept that Amazon are making a positive (for them) decision on the usage of your family home network that concerns me the most. Who knows best which digital visitors you want to allow into your home: a big corporation focused on quarterly revenue targets and shareholder dividends, or you and your family?

Take Control

Fortunately, it is possible to take control and make your own decision whether to you want to enable Sidewalk in your family home.

If you have the Alexa app on your phone, select More on the lower right of the screen.

Then select Settings. Then Account. Then Amazon Sidewalk.

Once there, you can set Sidewalk to Disabled.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s