Just before the long weekend at the end of May, Amazon announced the release of their Sidewalk mesh network. There are many misconceptions about what it is and what it does, so this article will untangle some of the confusion.
It Isn’t Internet Sharing
Much of the press about Amazon Sidewalk has said that it will force you to share your internet or WiFi network. It won’t. It’s a network to connect home automation devices like smart light switches together in more flexible ways. Amazon is opening the network up to partners, the first of which is the Tile tracker.
Sidewalk can use the internet for some features, but won’t in general. If it does, Amazon is limiting its rate to 80 kilobits per second — or 8 kilobytes per second, which is only about 50% more than the modems we used in the old days. It is also capped at 500 MB per month, which is less than two hours of 80 kbps over the whole month. To be clear: it isn’t going to interfere with your streaming, video calls, or anything else. The average web page is over two megabytes in size, which would take over four minutes to download at that speed.
What is Sidewalk, Then?
Sidewalk is primarily a mesh network for home automation devices, like Alexa’s smart device features, Google Home, and Apple HomeKit. This mesh network can provide coverage where your home network is flaky. To build the ecosystem, people incorporate their devices into this mesh network.
The first partner company to integrate to Sidewalk is the Tile tracker tags. Sidewalk allows you to use a Tile tag at a distance further than typical Bluetooth range. Sidewalk uses Bluetooth, WiFi, and 900MHz radio to connect the mesh network together. There will be other partner companies; this is an important thing to understand about the Amazon Sidewalk mesh, that it’s not just Amazon. Other companies will make devices that operate as entities in the network, either as a device like a smart light switch, or as a hub like the Echo and Ring devices.
What is a Mesh Network, Anyway?
Suppose you want to send a birthday card to Alice, I live next door to you, and you know I work with Alice. Rather than sending the card through the postal system, you might give me the card to take to Alice. When I get to work, I run into Bob who sits next to Alice, so I give the card to Bob, who gives it to Alice.
That’s a mesh network. A web of people delivers the message in an ad hoc manner, and saves you postage. Notably, mesh networks work without explicit infrastructure or servers.
How does Amazon Sidewalk Use a Mesh?
Suppose you put an Alexa-controlled light in your bedroom, but the WiFi there is flaky. If you use Alexa to turn the light on or off, sometimes the command doesn’t get through. Let’s also suppose that in that bedroom, the WiFi from your neighbor’s house is stronger than your WiFi. Well, what if when your WiFi doesn’t process your command, your Alexa uses your neighbor’s WiFi instead? That’s what Amazon Sidewalk does, with a very simple mesh, from your Alexa to your neighbor’s WiFi to your light.
Let’s expand on that example. Suppose that you’re out on a walk in your neighborhood and realize you didn’t turn your lamp off. You press a button on your smartphone to turn the lamp off. Your phone passes that message to a nearby house, perhaps the one across the street, which hands that message to another house, and it ends up at your lamp, in much the same way as your birthday card made its way to Alice.
In some situations, Sidewalk won’t be able to route the message via the mesh. Instead, it has to send the message to the internet, and then back from the internet to the mesh network near the destination.
The Sidewalk documents we have seen do not have details of the mesh routing algorithms, such as how messages are routed via mesh and when or why they go into or out of the internet. So we don’t know how that works. We do know that when Sidewalk tries to send messages without involving the internet, messages are expected to be small, and relatively infrequent, because the bandwidth throttle and total data caps are someone’s “nobody should need anywhere close to this” limits. We don’t know how hard it tries, nor how successful its tries are.
How Is Sidewalk’s Privacy and Security?
Amazon describes the privacy and security of Sidewalk in a privacy and security whitepaper. Amazon also has an overview, a blog post about their goals, an IoT Integration site, and developer documentation for the SDK.
While it does not describe the details of the Sidewalk protocols, its description of the cryptographic security and privacy measures is promising. So is the sketch of the routing. It appears to have some good security and privacy protections. Of course, the proof is in the details and ultimate implementation. Amazon has a reasonable track record of designing, building, and updating security and privacy in AWS and related technologies. It’s in their interest to severely limit what participants in the mesh network learn about other participants, and thus whatever leaks researchers find are likely to be bugs.
What’s the Bad News?
We have a number of concerns about Sidewalk.
Amazon botched the announcement
Most of the articles about Sidewalk focused on the network sharing, without explaining that this is a community mesh network of home automation and related technologies. Even more recent articles, which at least have stopped talking about internet sharing, are instead talking about wireless (WiFi) sharing. It’s been difficult to understand what Sidewalk is and is not. At the end of our investigation, we don’t know that we’ve gotten it right, either. Amazon needs to do a much better job telling us what their new systems do.
To be fair, this is hard! Mesh networking is not widely used for wireless communications because the technology is difficult to implement. Nonetheless, this is all the more reason for Amazon to spend more time describing what Sidewalk is.
There are many missing details
Amazon has published some good overviews, white papers, and even some API descriptions, yet there is much that we still don’t know about Sidewalk. For example, we don’t know the details of the security and privacy measures. Likewise, we don’t know what the mesh routing algorithms are. Thus, there’s no independent analysis of Sidewalk.
Moreover, while we like the sketch of Sidewalk’s security, there will be inevitable transfers of information to Amazon, such as IDs of devices on the new network. We don’t know if there are other information transfers to participating devices, or things Amazon can infer.
It’s a V1 system, so it’s going to have bugs
Even though the initial description of privacy and security show that care went into designing Sidewalk, it’s a version-one system. So there are bugs in the protocol and the software. There also will be bugs yet to be written in Sidewalk-compatible devices and software made by Amazon and its partners. Being an early-adopter of any new technology has the benefit of being early, as well as the risks of being early.
No abuse mitigations
While Sidewalk has been designed for security and privacy, it has not been designed to mitigate abuse. This is a glaring hole.
Amazon’s whitepaper for Sidewalk describes a use case of a lost pet. The first Sidewalk partner is the Tile tracker. While we all empathize with someone whose pet is missing, and we’ve all wondered where we left our keys, any system that allows one to track a pet allows one to be a stalker. So Sidewalk creates new opportunities for people to stalk family members, former romantic partners, friends, neighbors, co-workers, and others. Just drop a tracker in their handbag or car, and you can track them. This has been our main criticism of Sidewalk, and to be fair, Tile says they are working on solutions. This has also been our criticism of Apple’s AirTags. Sidewalk amplifies the existing risk of a surreptitious tracker by giving it the extended reach of every Echo or Ring camera that’s participating in the Sidewalk network. If Sidewalk systems don’t have proper controls on them then estranged spouses, ex-roommates, and nosy neighbors, can use them to spy from anywhere in the world.
We also are concerned about how Amazon might connect its new Sidewalk technology to one of its most controversial products: Ring home doorbell surveillance cameras. For example, if Ring cameras are tied together through Sidewalk technology, they can form neighborhood-wide video surveillance systems.
While Amazon’s whitepapers indicate that the security and privacy is pretty good, Amazon is silent on these kinds of abuse scenarios. Indeed, their pet use case is a proxy for abuse. We are concerned that we don’t know what we don’t know about the overall ecosystem.
Opt-out rather than opt-in
Perhaps the most important principle in respectful design is user consent. People must be free to autonomously choose whether or not to use a technology, and whether or not another entity may process their personal information. Opt-in systems have far lower participation than opt-out systems, because most people either are not aware of the system and its settings, or don’t take the time to change the settings.
Thus, defaults matter. By making Sidewalk opt-out instead of opt-in, Amazon is ginning up a wider reach of its network, at the cost of genuine user control of their own technologies.
In Sidewalk’s case, there might be a relatively low infosec cost to a person being pushed into the system until they opt-out. The major risk is the effect of bugs in the system. It’s low risk, but not no risk.
If Amazon had made its new system opt-in, we might not be writing about it at all. It would have traded slower growth for fewer complaints.
How Do I Turn Sidewalk Off?
If you’ve decided after reading this that you don’t want to use Sidewalk, it’s easy to turn off.
Amazon has a page with instructions on how to turn Sidewalk off. If you do not use Alexa, Echo, or Ring, you won’t be using Sidewalk at all, so you don’t have to worry about turning it off.
Lack of Abuse Mitigations and Opt-Out by Design Are Sidewalk’s Biggest Flaws
Amazon’s Sidewalk system is a mesh network that uses their Echo devices and Ring cameras to improve the reach and reliability of their home automation systems and partner systems like Tile’s tracker. It is not an internet sharing system as some have reported. Its design appears to be privacy-friendly and to have good security. It is a brand-new system, so there will be bugs in it.
The major problem is a lack of mitigations to stop people from using it in abusive ways, such as tracking another person. It is also troubling that Amazon foisted the system on its users, placing on them the burden of opting out, rather than respecting its users’ autonomy and giving the opportunity to opt-in.
Go to Source of this post
Author Of this post: Jon Callas