Amazon Sidewalk Focuses On Security And Privacy For All IoT Users

Amazon Sidewalk AMAZON

Late last year, Amazon announced its plans for enabling a new IoT wireless service called Amazon Sidewalk. I wrote about it here. I will get more into details later, but in short, this project is a wireless service over 900MHz and 2.4GHz. that crowdsources data from other users’ networks to power IoT devices in the event of Wi-Fi outages or poor signals.

I saw some initial concerns from the press regarding the decision to enable Sidewalk by default on Echo and Ring devices, setting a drop-dead opt-out date, and a swath of other security and privacy concerns. Some of these concerns were valid, and some were flat-out wrong. With IoT devices, the problems are always similar. Customers want private, secure, cost-efficient devices with utility and ease of setup and management. Any device setup in your home that can become a target of a hacker attack comes with resistance and some fear-mongering from a few publications. I wanted to address the concerns of some journalists and customers and tray and set the record straight on Amazon’s Sidewalk project as far as I see it. Let’s dig in. 

Amazon Sidewalk Explained 

Sidewalk, in concept, is essentially a long-range (up to half a mile) 900MHz wireless service that crowdsources a small fraction of participating users’ bandwidth to bring more connectivity to everyone. Amazon says the wireless service will help simplify new device setup, extend the range of low-bandwidth Bluetooth devices and even keep devices online when they are out of range of their home network. Amazon envisions Sidewalk as a much bigger deal than simply a service to find lost items. While locating lost valuables is undoubtedly one potential use case, one can also use it to help locate lost pets, provide diagnostics for appliances and power tools and bolster the reliability of various smart home devices, such as intelligent lighting and leak sensors. Amazon is also doubling down on the devices it will support with Sidewalk, including Tile tags, smart locks, and CareBand wearables.

Here’s how it works. When Sidewalk goes fully online in June, Amazon will prompt customers with compatible “gateway” devices such as Echo and Ring to either opt-in or out of the wireless service. This will occur as soon as a new device boots up or through an OTA update for preexisting devices. Those who opt-in will share a negligible amount of their bandwidth in exchange for access to Sidewalk. Never fear—Amazon will not siphon off enough bandwidth to prevent you from getting your everyday Internet experience. The company says that the maximum bandwidth harnessed by the Sidewalk server is 80Kbps, which translates to 1/40th of the bandwidth needed to stream your average hi-def video. Additionally, the amount of monthly data afforded to Sidewalk-enabled devices caps at 500MB per customer. 

If you’re having trouble following, I believe the intelligent lighting use case mentioned earlier illustrates Sidewalk’s value proposition well. Typically, a person’s outdoor smart lights will shut off when their home Wi-Fi network goes down. If they’re a part of Sidewalk, though, the lights could potentially draw bandwidth from, say, a neighbor’s Sidewalk gateway and stay operational during the Wi-Fi outage. Of course, the success of Sidewalk depends entirely on a critical mass of people opting into it since its usefulness directly correlates to how many people are participating in the crowdsourced wireless service.

Opt out or forever hold your peace?

Some publications are using Amazon Sidewalk as an opportunity to fear-monger customers who already have Amazon IoT devices set up throughout and around their homes. I have encountered these sorts of tactics for years regarding in-home IoT devices, so I am not completely surprised. Ring Always Home Cam comes to memory as a recent example of an extreme case of this sort of behavior from many publications. I consider myself a technology optimist but also respect that others don’t. 

One of the main concerns that I have seen around Amazon Sidewalk is that existing Echo and Ring customers have until June 8th to make a permanent decision whether to opt-in or opt-out of the service. This isn’t true as Amazon gives users the ability to opt in or out at any given time via the Amazon Alexa and Ring applications. I confirmed with Amazon that existing Echo users were notified via email over a month ago about the new network. Additionally, Amazon will push out in-app notifications before Sidewalk enables on customer devices. Some Ring customers are actively using Amazon Sidewalk currently, and we haven’t received any notable negative feedback that I am aware of. 

There shouldn’t be a tremendous sense of urgency from existing customers to opt-out now. If security and privacy are your big concern, I understand. But keep in mind that you can disable Amazon Sidewalk at any time and no longer use your IoT devices as a bridge for neighboring devices. 

Addressing security & privacy risks 

Being able to pull bandwidth from your neighbor’s IoT devices while your Wi-Fi is out would be incredibly helpful in certain situations. I could see this as especially valuable for security reasons as Ring doorbells, and security cameras use Wi-Fi to transmit video footage back to your mobile device, often when you aren’t home. With the number of endpoints and use cases growing, Amazon has an increased number of security risks. Let’s dig into what Amazon has done to ensure customers’ privacy will not be infringed and customer data won’t be accessible to hackers or leaks. 

I understand the concern from some customers that don’t want their IoT device hacked and data stolen. This was my main area of concern initially as well. I have hundreds of IoT devices from various vendors on my Wi-Fi network, and the idea of risking my security and privacy to offer a broader network for other users’ devices wasn’t very appealing at first. After digging into the actual nuts and bolts of Amazon Sidewalks’ security strategy, I was more at ease. 

To start, Amazon Sidewalk uses three layers of encryption to keep devices secure. The three layers include an application layer, network layer, and a flex message layer. This ensures that both the endpoint and the bridge are validated before the use of the bridge. Also, customers that utilize others customers’ wireless services have no access to view their devices. This means that if my neighbors use my wireless service to run their IoT devices, I run little risk of them being able to see my devices and data. The same encryption standards apply to all third-party applications utilizing the wireless service as well.

Another nice feature of Sidewalk’s security is that all routing information for operating the network components is cleared every 24 hours without any user interaction. Amazon removes the data automatically on its end. Critical customer data isn’t sitting in storage collecting dust and waiting for a hacker to raid it as there is a limited window. Amazon also implemented some features that will help encrypt and anonymize user data, including hashing keys, cryptographic algorithms, and rotating device IDs. Implementing these measures will make it harder for hackers to identify your network and devices uniquely. 

Wrapping up 

If you own a compatible Echo device, you will get the opportunity to join Amazon Sidewalk beginning on June 8th. To start with, your Echo will immediately extend your Tile coverage (and that of any other enabled devices). I think that Sidewalk is full of potential that is only beginning to become apparent. The sort of functions one can perform with Sidewalk are great examples of the “connected world of the future” we in the tech industry love to muse on and speculate about. 

To me, it looks like Amazon has invested much time into nailing down its security and privacy strategy before fully implementing Sidewalk. While the project brings about some valid concerns, after diving deep into the facts about Sidewalk’s opt-in/out procedures and security and privacy strategies, I believe users should be confident in Amazon’s preventative measures. To be clear, there are no infallible technologies as we have nation state budgets attacking everything out there, but you’d have to get rid of email, social media, smartphones and the internet if you want or need zero risk. 

I think Amazon is committed to keeping customer data confidential and secure. In my opinion, the benefits of Sidewalk are tremendous, and I believe we are only scratching the surface of the types of applications that Sidewalk will take on in the future. But all of this relies on a willing customer base working together to create a more connected world. I will continue to follow Amazon Sidewalks’ progression as the company rolls it out more fully on June 8th. 

I’ll be turning Sidewalk on for all my Amazon devices. 

Note: Moor Insights & Strategy writers and editors may have contributed to this article.