I use amazon devices nearly every day and while far from perfect they do the job and rely on them as a company.
But learning about Amazon Sidewalk has raised a few concerns so what is it, is it a problem and what can we do about it?
First What is it?
It's a feature that allows amazon devices to all talk together apparently for the purposes of being able to reach the internet. So if any given device can't reach the internet well it will just use someone else's connection.
The details are that it won't be fast, and their is a whitepaper on how it's secured but still it allows anyone close enough to access the internet via your network.
If you don't like it - you can opt out, apparently.
So what Is the concern?
Privacy and security always first..
A system like this is inherently complicated to do and secure, so although even they have taken great efforts to ensure that if everything works as it should - yes you would be secure, The reality is nothing is 100% secure. There will be bugs and defects in the software just waiting to be found and exploited.
The issue here is that an exploit would allow an attacker unrestricted and full access to you network or even just to spy on your conversations, watch you over camera's. know when your in or out.
And you have the other side of the coin… you might not want your device accessing the internet such as when visiting friends or on holiday. But now it will, so how do you protect your device itself from being attacked over that connection? or from 3rd parties creating “fake hotspots”
You already have the devices so it costs you nothing? well…. If your bandwidth is capped or cost based on use then yes you will be paying for someone else to use your internet. Your bandwidth will also slow down devices become less responsive not by a lot but it all adds up.
According to the BBC this only applies to the USA, so it may never reach us, but it's still something to watch for.
And in reality services like 4G will be faster but it's the nastier side of life we need to think about.
What will it do in the future?
There is a precedent here that the internet connection you pay for is no longer private to you, and that a device manufacturer can decide to share that connection out in anyway to anyone they see fit. That's incredibly valuable to them in terms of making products marketable and useful as a consumer who might want to use that service but for you?
You are putting your security and privacy at risk and it could mean your are literally paying hard cash to your service provider just to allow the manufacturer of those devices to offer features to other people.
I personally find this more of an issue than any security floor or vulnerability. If you imagine that there was no WIFI passwords, and you could connect to any network - it's the first stepping stone that way.
What can you do right now?
You can and should opt out but don't rely on that as their are reports of people being silently opted back in, but the other options are:
- The simple option is to simply don't use amazon devices, I recommend against some of them anyway for various reasons but not using them sends a message and is 100% safe.
- Implement best practice with IoT devices, where you isolate them into their own virtual network ( VLAN ) so that they cannot access the rest of your equipment and data.