Amazon Sidewalk: Should You Be Co-Opted Into A Private Neighbourhood LoRa Network? – Hackaday

WiFi just isn’t very good at going through buildings. It’s fine for the main living areas of an average home, but once we venture towards the periphery of our domains it starts to become less reliable.  For connected devices outside the core of a home, this presents a problem, and it’s one Amazon hope to solve with their Sidewalk product.

It’s a low-bandwidth networking system that uses capability already built into some Echo and Ring devices, plus a portion of the owner’s broadband connection to the Internet.  The idea is to provide basic connectivity over longer distances to compatible devices even when the WiFi network is not available, but of most interest and concern is that it will also expose itself to devices owned by other people. If your Internet connection goes down, then your Ring devices will still provide a basic version of their functionality via a local low-bandwidth wide-area wireless network provided by the Amazon devices owned by your neighbours.

I Can See Your Amazon Ring From Here

It looks so harmless, doesn't it. A Ring doorbell once installed.
It looks so harmless, doesn’t it. Amin, CC BY-SA 4.0

The massive online retailer and IoT cloud provider would like to open up a portion of your home broadband connection via your home security devices over a wireless network to other similar devices owned by strangers. In the Amazon literature it is touted as providing all sorts of useful benefits to Ring and Echo owners, but it has obvious implications for both the privacy of your data should it be carried by other people’s devices, and for the security of your own network when devices you don’t own pass traffic over it. For the curious there’s a whitepaper offering more insights into the system, and aside from revealing that it uses 900 MHz FSK and LoRa as its RF layer there is not a lot information on how it works. As you might expect they have addressed the privacy and security issues through encryption, minimising the data transmitted, and constantly changing identifiers. To read the Amazon document at face value is to enter a world in which some confidence can be gained in the product.

The question on the lips of skeptical readers will no doubt be this: what could possibly go wrong? We would expect that the devices themselves and the radio portion of the network will be investigated thoroughly by those who make it their business to do such things, and while there is always the chance that somebody could discover a flaw in them it’s more probable that weaknesses could be found in the applications that sit atop the system. It’s something that has plagued Amazon’s IoT offerings before, such as last year when their Neighbors app was found to sit atop a far more garrulous API than expected, leading to a little more neighbourly information being shared than they bargained for. If Amazon’s blurb is to be believed then this system is to be opened up for third-party IoT device and app developers, and with each one of those the possibility of holes waiting to be discovered increases. We’ll keep you posted as they emerge.

Products such as Amazon Echo and Ring are incredible showcases of 21st century technology. They’re the living embodiment of an automated Jetsons future, and we’d be lying if we said we didn’t want a little slice of that future. But as you all know, the version of that future peddled by them and their competitors is a deeply flawed one in which the consumers who buy the products are largely unaware of how much data is created from them. From a purely technical perspective the idea of home security products that automatically form a low bandwidth network for use in case of main network failure is an exceptionally cool one, but when coupled with the monster data slurp of the Amazon behemoth it assumes a slightly more worrying set of possibilities. Is it possible to be George Jetson without Mr. Spacely gazing over your shoulder?

CategoriesUncategorized

Leave a Reply

Your email address will not be published. Required fields are marked *