Amazon Sidewalk – Is Privacy Dead?

Introduction

Since its inception, Amazon Sidewalk has drawn quite a bit of controversy. Cybersecurity professionals are concerned about the security of this service and its lack of visibility. Reportedly, Houdini malware attacks that spoof systems and exfiltrate data within a user-agent field are common. Many employees can use Amazon Sidewalk to work from home and connect remotely to their organization’s network. Sidewalk mostly works through the Amazon Echo Alexa voice assistant, Ring Doorbell, or Camera.

In this blog post, we will explore Amazon Sidewalk, how it works, and what security risks are associated with this service.

What is Sidewalk?

According to Amazon: “Sidewalk is a shared network that helps devices like Amazon Echo devices, Ring Security Cams, outdoor lights, motion sensors, and Tile trackers work better at home and beyond the front door. When enabled, Sidewalk can unlock unique benefits for your device, support other Sidewalk devices in your community and even locate pets or lost items.”

How Does Amazon Sidewalk work?

Sidewalk creates a low-bandwidth network through Sidewalk Bridge devices, which include select Echo and Ring devices. These devices then share a small portion of the user’s internet bandwidth with Amazon’s devices and third-party gadgets that partner with Amazon in areas outside the user’s home.

The network created by Sidewalk is hidden: a user cannot walk over to a neighbour’s home, log in to the Sidewalk network, and start using their WiFi. Moreover, only low-bandwidth network connections can use Sidewalk’s data transmission. Devices with this type of connection establish network connectivity automatically. In the event of a network failure, Sidewalk Bridge devices can continue operating through a neighbour’s Sidewalk network, if it is enabled.

What Security Risks Are Associated with Amazon Sidewalk?

According to Amazon, security and privacy are important elements of Amazon’s products and services. Amazon Sidewalk provides users with multiple layers of security and privacy to secure the data that is being transmitted over the network. For security purposes, Sidewalk implements encryption, data minimization, and trusted device identities.

Despite the security assurance from Amazon, there are several privacy and security risks associated with Amazon Sidewalk. As per the Cato Networks SASE Threat Research Report, these security issues can undermine the effectiveness of a risk assessment. According to this report, the inherent lack of visibility into the data stream is the biggest security threat to Sidewalk. The following sections describe these risks in more detail.

Lack of Visibility

All security begins with visibility: the ability to see what weaknesses exist, how attackers might exploit those weaknesses, and what threats, if any, have breached the perimeter. This lack of visibility prevents Chief Information Security Officers (CISOs) and their IT teams from discovering potential vulnerabilities. As a result, these weaknesses stay undetected and unnoticed.

Moreover, these security professionals will not be able to identify the myriad types of devices connected to the corporate network, whether these devices are secured or not, or what threats, if any, they may have introduced.

Lack of Data Control

If data is not properly controlled, threat actors can intercept it on the network. The Sidewalk service doesn’t know where the data has gone or how third-party developers update and patch the software. These aspects of cybersecurity and control are necessary for companies that practice a culture of security, whether by corporate mandate or regulatory construct, which requires them to mitigate cybersecurity threats and minimize the likelihood of attacks.

The Final Word (Conclusion)

Although Amazon ensures the security and privacy of its products and services, the lack of visibility and data control leaves CISOs and security professionals able only to trust, not verify, that they are in good hands.

Organizations whose culture demands good cyber hygiene, or that are bound by oversight to ensure the security of CUI (Controlled Unclassified Information), must take security measures to thwart cyber-attacks. Sidewalk’s opacity leaves too much to chance.
