
From their FAQ: https://www.amazon.com/Amazon-Sidewalk/b?ie=UTF8&node=213281...

> When Sidewalk is on, your Bridge can share a low-bandwidth connection with Sidewalk-enabled devices, like sensors and smart lights that are installed in locations around and outside your home where wifi may not be available. Amazon Sidewalk does not support high-bandwidth connections like a wifi or cellular network would, so you would still use those connections for streaming movies, posting on social media or sending email.

It does share your Internet connection. By default, an Alexa device in my house would be negotiating a connection sharing arrangement with my neighbor's. If/when a vulnerability is found in these devices, an attacker on my neighbor's network will have connectivity to a node on my network. Now imagine the case where a small business has a vulnerable Alexa on their network to play some music in the office. Anyone who could get a hacked Alexa within 900MHz range of that office would have access to that office, open file shares, etc.




Perhaps, but does the same thing not apply to Apple iOS or Google Android devices? If an attacker finds a vulnerability in one of these common devices, they can compromise any of your users' devices and can then open file shares, exfiltrate data over their cellular link, etc.

We are now in year 7 of availability of Amazon Echo devices, and there are two recorded vulnerabilities (one required internal hardware access, the other required connecting the device to a malicious WiFi AP.) Given that track record, there may never be a broadly exploitable vulnerability in the devices; they are pretty locked down and they auto-update regularly, with no provision for delaying or blocking said updates.


No, it doesn't. Those aren't designed to make a bridge between untrusted networks. With a phone, they're usually on either LTE (which is generally regarded as reasonably secure) or your home network, but not typically both at the same time. Someone at Verizon could hypothetically exploit my phone from inside their network and then use that to attack my home LAN but that seems a pretty low risk.

I don't believe that any of my neighbors has worked as hard to secure their home network as my cell phone carrier has.

The number of prior vulnerabilities isn't relevant here. Up until now, an Alexa has been more or less a "dumb" client that relays voice samples to a cloud server for processing. Now it's being repurposed into a new role as a network server itself, running new software that hasn't yet been widely tested, which implements a new network protocol which hasn't been widely deployed.


It's a change, certainly, but mobile devices are a much bigger risk to your internal network than an Echo device is. Both are general-purpose computers inside, but the attack surface of a phone is way larger, and there are plenty of recorded instances of phones being compromised. The Echo devices have a good security track record, and I feel they remain much less likely to be compromised than any mobile device.

The number of prior vulnerabilities is totally relevant. Your threat model required a vulnerability to be found in these devices allowing them to access your network maliciously. I am presenting data showing that such a threat is unlikely, especially when compared to mobile devices that you (presumably) already grant unfettered access to your network.

Sure, if you feel that an Echo device is now a larger threat than it was before this feature was enabled, you may want to get rid of the device. I don't feel that way, I think the small increased threat to my network is outweighed by the value of being able to find my dad's keys when he drops them (and the attached Tile locator) outside the home of someone with an active Sidewalk device.


I think the Tile bit is a non sequitur. There’s no need for a Tile tag to create a network connection to a remote server. That functionality could have been implemented without Sidewalk (e.g. Apple’s Find My is completely different), so I’m dismissing that justification from Amazon.

I have a few Tile tags, too, and I hope their new Amazon partnership makes them start being useful. It didn’t need Sidewalk though.


When a Tile device associates to another device that detects it, that device has to send a network packet to the cloud that says that it found a Tile with a certain serial number. That’s using your network/your bandwidth to transmit proprietary data about someone else’s property, without asking your permission. That’s exactly the same in kind, just maybe not in degree.

New Tile devices can play a sound on command. If you use Sidewalk to send a play-sound command to a Tile, then again you are using this proprietary shared network.


if this was doing for tile what find my did for airtags i don't think there would be such an uproar - this is open internet for whatever the device and manufacturer want to do, not an encrypted "hey katbyte your airtag is here" that only the user at the other end can read - i trust apple, and maybe i trust amazon, but i don't trust the flood of rando devices that will use and abuse this


Perhaps, but Apple didn't even ask about airtags, they just quietly broadened the "Find My network" across all Apple hardware to support this new feature. And there's nothing stopping apple from generalizing their "Find My" network to pass the same type of data that Amazon is.


find my is airtag location -> owner and sidewalk is device <-any data-> amazon/device owner.

airtags have privacy built in and anti-stalking, tile and amazon sidewalk do not. Sidewalk is enough bandwidth you could easily drop a location tracker & voice recorder on someone and have it spy - voice can go as low as 30kbps.

one of these is not like the other



