On June 8th, Amazon released a new mesh network dubbed Amazon Sidewalk for all Amazon products ranging from Echos to Ring Doorbells. Sidewalk is intended to help keep these gadgets running in the event your home internet experiences an outage. How? By using a neighbor's Wi-Fi network. That will allow your Ring Doorbell to continue sending alerts, and smart lights will still work as usual. Amazon explains, "Sidewalk is a shared network that helps devices like Amazon Echo devices, Ring Security Cams, outdoor lights, motion sensors, and Tile trackers work better at home and beyond the front door.” The biggest issue with this new mesh network is that most people don't even know it happened.
Default Opt-In
Amazon is currently facing a lot of backlash from its decision to opt customers into this service by default without their knowledge or consent. Amazon gave its customers a mere seven days to read and understand the concept of Sidewalk before it went live, and that's simply irresponsible. With all new technologies, there will inevitably be security issues that come up. By not having the choice to opt-in, customers are left vulnerable to those security issues.
New Protocol
Security experts do like what they see in the whitepaper, but they want more detail about what is going on in the mesh network. Usually, when a new protocol is rolled out, it goes through a beta testing period. Sidewalk's June 8th release essentially is the beta test, which is a huge red flag. Fortunately, the whitepaper documents that they are using three layers of encryption, which is a good thing for privacy. Amazon will also use a rolling identifier for devices that are centrally linked to their database when determining what can connect to the mesh network.
Is There Cause for Concern?
With every new technology that comes out, there is a security concern. While Amazon has made the network secure, they have not tested it in a trial period, so there can easily be new vulnerabilities found every day. It is also using default opt-in, which means most people might not be aware they are participating in this network. While some problems will appear with the network, they aren’t concerning enough to step in the way of this being rolled out. It is worth noting that Sidewalk is a mesh network for device communication and not an internet sharing system, which does help prevent the customer from being easily exploited. In the coming months, it will be eye-opening to see if any large issues arise from this new mesh network. If you have any issues with the idea of being part of the network or feel like it is leaving your network vulnerable, you may want to go ahead and opt out.
How to Opt-Out
To opt-out, owners of Echo and Ring devices can follow these steps on Alexa or Ring apps:
Alexa app: Open More > select Settings > Account Settings > Amazon Sidewalk, and toggle it on/off
Ring app: Tap “three-lined” menu > Control Center > Sidewalk, and tap the slider button
From a Security Perspective
If you use Amazon devices and you haven't opted out, then you're already using the service. While this technology could potentially be a great innovation for connecting the world, Amazon's default opt-in decision has left a bad taste in a lot of people's mouths. Personally, I would opt out for the time being and wait to see what happens during this beta period. If things seem okay and the pros outweigh the cons, I'll reconsider opting in. I do think that Amazon has the proper security measures in place currently, but we see new vulnerabilities coming out every day. As a security professional, it makes me hesitant to link my devices with my neighborhood and put myself at risk of a security incident.
