Amazon wants your devices to talk to each other. Should you take a walk on Sidewalk?

Rob Pegoraro
|  Special to USA TODAY
Amazon Pharmacy brings serious competition to drugstoresNo industry is safe from Amazon, not even pharmacies.Buzz60Our Amazon devices will soon get chattier with each other.The Seattle tech giant is activating a peer-to-peer connectivity system called Amazon Sidewalk to enable its connected gadgets to work better and help them ride out network interruptions.Sidewalk is arriving not as a one-click transaction, but as a zero-click proposition. As in, it’s on unless you jump into Amazon’s apps to turn it off – Amazon says it’s coming online on Ring security cameras, but has yet to reach compatible Echo devices.(In the Amazon Alexa app for Android and iOS, tap the “More” menu button, then “Settings,” then “Account Settings,” then “Amazon Sidewalk.”)The sales pitch documented in a 13-page report is that you won’t notice Sidewalk’s data overhead – limited to 500 MB a month, which should not catapult customers over their data caps – but will appreciate having Amazon-okayed gadgets keep each other online.Good neighbors share, right?: Amazon just started sharing your internet connection with your neighborsIf you have $3,000, should you spend it on 1 share of Amazon?: It depends on your current portfolio.Think of the dogs, the document suggests: “A pet-finder device can leverage Amazon Sidewalk to locate a dog that has left the yard and is out of reach of the user’s personal network.”Sidewalk’s encrypted mesh network, employing Bluetooth and low-frequency radio links from smart-home gadgets, will only accept trusted devices with a factory-set key. Sidewalk then wraps each signal in three layers of encryption to keep its details hidden from any device in the middle. Randomized and frequently-changed device identifiers further reduce the trail available to any attacker and to Amazon itself.That encryption encapsulating Sidewalk bits should ease privacy fears, one outside expert briefed by Amazon said.”Amazon has taken concrete, sophisticated technical steps to protect data on the Sidewalk network,” emailed John Verdi, a policy vice president at the Future of Privacy Forum. “Data minimization and encryption go a long way to mitigating privacy risks in this context.”That Washington-based think tank is funded in part by industry firms, Amazon included. (For that matter, Gannett’s Reviewed.com makes money from Amazon referral links.)”I believe Amazon has some of the best, if not the best security for consumer IoT devices and I am comfortable with what I have seen with Sidewalk,” emailed Patrick Moorhead, an analyst with Moor Insights & Strategy whom Amazon briefed at length – Amazon is among Moor’s 150-plus clients. “Security is a constantly moving target and I also have confidence that Ring and Amazon have the resources to update its security if and when a breach occurs.”More: Amazon says 2020 shopping season has been their biggest ever with big Black Friday, Cyber Monday salesAn Amazon publicist declined to speak on the record, but the company hired third-party security firms to probe Sidewalk for vulnerabilities.An outside security expert, not briefed by Amazon, worried about rogue devices on Sidewalk.”I’d be curious to know how they’d prevent an active attempt though this network,” emailed Bryson Bort, founder and CEO of the Arlington, Virginia, security firm Scythe. For example, he wondered about possible exploits involving a compromised Echo: “You don’t need an RCE (remote code execution) when the design is to allow other Amazon devices to use the network.”Amazon’s own history offers cause for concern. In January, it fired Ring employees who had abused access privileges to snoop on the footage of customers’ cameras. Earlier, weak security defaults led to the remote takeover of thousands of Ring cameras.  There’s also the issue of potential government curiosity about whatever Sidewalk data Amazon keeps. Amazon’s paper says it resists “overly broad requests by law enforcement,” but the transparency reports it posts about those demands have yet to detail how often government investigators seek information from Amazon’s smart-home gadgets. Now that Amazon wants to enlist customers’ homes as its hotspots, it should fix that.Rob Pegoraro is a tech writer based out of Washington, D.C. To submit a tech question, email Rob at rob@robpegoraro.com. Follow him on Twitter at @robpegoraro.

Source link