Smartphone App To Be Used As Hotel Room Keys

An anonymous reader writes Starwood Hotels and Resorts has became the first chain to let guests unlock doors with their phones at 10 Aloft, Element and W hotels. They hope to expand the program to 140 more properties in those brands by the middle of next year. From the article: "The technology's developer says that it uses its own encrypted secure channel to ensure thieves cannot abuse the innovation. But one expert had reservations. "Nothing is 100% secure, and once this technology is in widespread use it will make a very tasty target for hackers," said Prof Alan Woodward from the University of Surrey's department of computing.

More secure than cards

[Rosyna]

With an active CPU behind it, certainly this system can be more secure than the current card system. Also means much less chance of leaving the card in the room and less money spent replacing lost cards.

Re:More secure than cards

[itzly]

Unless the cards also have an active CPU.

Re:More secure than cards

[hsmith]

"can be" is the keyword there... Seeing how easily previous systems were compromised this doesn't have much promise behind it.

Re:More secure than cards

[Kielistic]

Also means much less chance of leaving the card in the room

But now having a dead phone after a late night of drinking/whatever just got a whole lot more annoying.

Re:More secure than cards

[mythosaz]

Unless all guests are expected to have smartphones as a requirement of occupancy, I imagine you'll get plain old room keys too.

Re:More secure than cards

[CastrTroy]

I could be less convenient in many ways though. For one thing, this means that I have to bring my phone with me when I go to the pool or the gym. Also, I don't think that the current cards are that expensive to replace. If they were, they could just charge the client for unreturned or lost cards, same as if other things in the room go missing.

Re:More secure than cards

[Kielistic]

At that point it's pretty much just a novelty. If I have to carry the key-card as a backup anyway (which would be smart) I'd rather just have an RFID enabled card and wave my wallet in front of the lock. If I have the card there is no security bonus form the more programmable phone since the card has to work also.

Although having redundancy on your person does have its benefits if you did happen to lose one or the other while out and about.

Re:More secure than cards

[SeaFox]

With an active CPU behind it, certainly this system can be more secure than the current card system.

Which means little unless they disable the old system. Much like changing the design of currency to thwart counterfeiters is worthless unless you devalue bills with the old design. The chain of security is only as strong as its weakest link.

Re:More secure than cards

[blue9steel]

With an active CPU behind it, certainly this system can be more secure than the current card system.

Adding an active CPU != more secure. They're exchanging a poorly secured but isolated token for a poorly secured but networked device. Sounds like a drop in security to me.

Re:More secure than cards

[roc97007]

> With an active CPU behind it, certainly this system can be more secure than the current card system.

That was my first thought. Such a system, for several reasons, has the potential of being significantly more secure.

The counter-argument might be that it depends entirely on the implementation. Whether an *effective* solution is generated, or just a solution that's convenient and looks secure, is an open question. Also whether such a solution has a back door or a weakness that can be globally exploited. I think this is a good thing, but I wouldn't want to bet my possessions on it until it had been in the field for awhile and experts had evaluated it for weaknesses.

I understand we're not talking about an airplane falling out of the sky, but as a person who travels with expensive equipment, door security is somewhat important to me.

> Also means much less chance of leaving the card in the room

For most people, although I'm related to people who regularly leave their phone behind when they leave the house. (Wife and daughter, mostly.) (And yes, a young lady without her smartphone in this age is a big deal, but that doesn't stop her from leaving it behind regularly. And of course it's a tragedy each time...)

> and less money spent replacing lost cards.

This is probably less significant. A little googling shows that you can get card keys printed with your logo for $0.02 apiece in quantity, making it cheaper than the monogrammed pens they give away.

Re:More secure than cards

[roc97007]

Unless the cards also have an active CPU.

I don't know what cards with an active CPU cost in quantity, (if anyone does, please chime in) but a little googling shows that monogrammed card keys can be had for about two cents (American) apiece in quantity.

An app is essentially the cost of NRE plus the cost of maintenance. Card keys with an active CPU is an ongoing, much more significant (I suspect...) expense. You could see that the hotels would want this.

Re:More secure than cards

They're exchanging a poorly secured but isolated token for a poorly secured but networked device. Sounds like a drop in security to me.

So what if it's a networked device? The only way hacking it is worth a damn is if you can gain access to the person's hotel room as a result of your hacking.

Which means... you have to hack their phone... then find their room. Knowing they're staying in room "1574" isn't very useful, unless you're actually present and can physically access room 1574 to steal shit from them. That's way too much work for the typical "target-of-opportunity" type of hack - the only people this would make "less secure" are people who already have a security entourage, which means that even if you hack their smartphones, you have to still deal with the thick-necked dudes in black suits who are standing guard outside the room.

The only thing this would allow remotely would be childish "haha you're locked out of your room," or "haha i unlocked the rooms in your hotel" pranks.

Re:More secure than cards

[houghi]

Money spend replacing cards? How much do they cost? And how much would they loose in precentage?

And I am sure cheaper options could be possible as well. They could start with writing the roomnumber on the card and thuse not have a seperate carton booklet with it.

Re:More secure than cards

[neokushan]

Depends on the cards you speak of. The kind used in EMV chip cards (Credit/Debit mostly outside the US for now), which are also contactless, can be had for about £3 a pop, probably less in bulk.

Re:More secure than cards

[dAzED1]

First, your phone is amazingly insecure - unless you have one of the ones dedicated to security. The most valuable thing you have is you - the who of who you are. Trusting that identity to your phone is...spectacularly foolish. Second, most people don't have a phone that could survive a trip to the hotel pool or hot tub, whereas the throwaway cards can do just that, just fine.

If someone breaks the card's security, the worst you're out is the stuff in your room. The more you stuff into your phone, then the worst that could happen is you aren't you anymore.

Re:More secure than cards

[quenda]

It is not even novel. TFA says the purpose is to bypass check-in. Some hotels have been using credit cards for many years now to do this. Eg small hotels after hours. It can even be made more secure by a PIN in your booking confirmation.

  Once you are checked in, nfc makes more sense. Can't they just use any existing nfc chip in your phone or credit cards for ID? Why all the trouble of getting your phone out?

Re:More secure than cards

[jrumney]

As a bonus, the app that the hotel has forced you to install to get access to your room can also be used to advertise the chain's other properties.

Re:More secure than cards

[bloodhawk]

You hit on the key words of "can be". I have worked with a lot of developers over the years that think they can implement security, most of them would have trouble securing their fly correctly. I find the fact they are using their "own secure channel" implementation to be a huge warning sign.

Re:More secure than cards

[amias]

whoa there , do not give anyone your PIN

Re:More secure than cards

[CastrTroy]

I do get changed in my room. For returning to my room, I just lounge by the pool until I'm sufficiently dry. It doesn't take that long to dry off.

SPG = Special Patrol Group

[TechyImmigrant]

I was at a Starwood hotel two weeks ago and I was not offered such an opportunity.

I feel robbed.

Re:SPG = Special Patrol Group

[bobbied]

I feel robbed.

Ah, but you shouldn't. Everything is 100% safe until AFTER they start doing this, then it's a hacker's paradise of cracking open hotel rooms and ransacking the contents. (I know it's true, I saw it on SlashDot).

Re:SPG = Special Patrol Group

[TechyImmigrant]

The NFC was already in the door and the card was NFC.
All they've done is make an app that uses NFC through the same interface.

Yes, it's a hackers paradise, but it already was one. The phone doesn't make much difference to the hackers-paradiseness of it. A decent hack would probably already be using a phone to imitate a card since it has the NFC interface and a CPU.

It's Own Encrypted Secure Channel

[sexconker]

It's using it's own, encrypted, secure channel that happens to be accessible from my phone.
So it's handled by NFC, Bluetooth, Wifi, the cell radio, the speakers, or the display, in that order of likelihood.

The communication channel is the least of their worries, however. With only a little bit of effort, these can all be implemented more securely than magstrip cards.

The problem is that it'll all be accessible by an internet-connected PC at the front desk, allowing a remote (or local) attacker to create a master key on their phone, no magstripe hardware needed.

Re:It's Own Encrypted Secure Channel

[Pinky's+Brain]

You don't really want to deal with all the vagaries of bluetooth support across android phones. NFC isn't widespread and also broken by design (they should have just put Time of Flight distance measurement directly in the standard, oh no ... it adds a couple of cents to the ASICs, instead the penny pinchers launch a standard which will create security problems for as long as this abomination stays in use, thank you so very fucking much you fucking assholes).

I'd put WiFi/internet, cell, speakers and display on the top of the list.

Re:It's Own Encrypted Secure Channel

[boristdog]

And then anyone can steal my underpants.

And guess what? No matter how secure the system is, the underpaid housekeeping and maintenance staff can still go in whenever they want.

Re:It's Own Encrypted Secure Channel

[Overzeetop]

And that's less secure than the current system exactly how? Right now you can do the exact same thing, all you need is a magstripe card. With the proper backend this could be far more secure than the current setup.

Based on the video it looks like NFC, fwiw.

Re:It's Own Encrypted Secure Channel

[Pinky's+Brain]

Oops, article said it used BT :)

Re:It's Own Encrypted Secure Channel

[sexconker]

The current system means Joe Schmoe needs a mag stripe card and writing hardware. If he wants to be discreet, he needs a magstripe card from the hotel.

With a cellphone system, you write with software and you don't have to be sneaky about using a phone that looks different from the phones of all the other guests / obtain a phone that looks the same. There's no physical trace that you've done anything.

Woot!

Then Starwood can access all our social media, track our exact location, and get access to our entire list of contacts.

That's what I want!

Hackability of hotel locks

[Cid+Highwind]

An app can hardly be less secure than the current system. Knowing the target's name and room number is all it takes to "hack" most hotel locks - just ask the front desk clerk to make you a new key!

Re:Hackability of hotel locks

[Chocolate+Teapot]

Which you have to sign for. There's a reason they get a specimen signature when you check in. If they issue a replacement key card without checking the signature, you then sue the ass off of them.

Re:Hackability of hotel locks

[Mr+D+from+63]

No, you can't sue them unless they give it to someone else and then in turn you suffer some type of loss.

Most desks will ask for a photo ID. Some will call the room to make sure nobody is in it. But asking for a room key to enter a room illegally is a good way to get caught.

Re:Hackability of hotel locks

[Charliemopps]

Yea no... you sign a waver when you check in. They could fill your room with wild hyenas and all that'd happen is your estate would get charged for cleaning the blood off the walls.

Re:Hackability of hotel locks

[bill_mcgonigle]

An app can hardly be less secure than the current system

Well, playing this out - before the thieves could steal my extra underwear and toothbrush. Now the Hotel can steal all my contacts, SD card contents, location information, etc.

Oh, yeah, I'm sure this will be "no special permissions" once it's a required app for checking in (or if not required you can avoid the $15 keying fee by using the app) ...

Guess it depends what you're securing. Any hotel door that doesn't have an unkeyed deadbolt (only lockable from the inside) is sketchy, but most don't. If your security isn't their top concern, then you have to ask what is. Usually cost vs. revenue, and there are all sorts of things they can do to improve their revenue by accessing your data. Did you Like Kit-Kat bars on Facebook? Guess what's in your mini-bar tomorrow. There need be no sinister agents at the Hotel - the maid simply gets a printout of what to stock each room with every day and the Front Desk clerk simply asks you to NFC the pad when you check in. If you're a Verizon or AT&T customer, the clerk knows when you're pulling in the hotel driveway and the minibar is already stocked before your arrival.

Re: Hackability of hotel locks

[Chocolate+Teapot]

Of course, but I think it's no coincidence that it's Starwood who are looking into this technology.

Wait till the phone battery goes flat

[uksv29]

"I'll put my phone on charge. Oh dear the charger is in my hotel room".

You just know how this will end.

Re:Wait till the phone battery goes flat

[Nukenbar]

People keep thinking of the disadvantages of the phone, but think of the advantages.

No checking in.

An email confirms your room number and you just go straight to the room.

Re:Wait till the phone battery goes flat

[CanHasDIY]

Which means the hotel fires the concierge, and there's no one to bring you a Sprite at 2 am when you're vomiting the last ounce of fluid your body held prior to getting food poisoning from the hotel restaurant earlier that night.

Beware the Law of Unintended Consequences.

Re:Funny

[rubycodez]

no worries, the chain on the door backs it up

Unlimited copies too

Another nice side-effect of this is instead of having to throw my room key onto the stage, I can just throw a paper airplane with the key printed under a sexy photo.

Trust us ...

[gstoddart]

The technology's developer says that it uses its own encrypted secure channel to ensure thieves cannot abuse the innovation

It's secure, trust us ... and you'll also have to trust we won't abuse the access to your phone for our own purposes.

Yeah, sorry, no ... no interest in installing an app for something like this. Give me an old school key card.

Other than saying "ZOMG, teh smart phone opens teh hotel door" ... I really don't see the point. And I really don't see why we'd trust them.

Doesnt matter

[Charliemopps]

It doesn't matter. The current card security system is as about as insecure as it could possibly get and still have a door in the frame.

After an incident at a hotel a few years ago where our door lock failed and ruined our stay... and a subsequent discussion with their maintenance man about how the card systems work I had a suspicion and tried my card on the room across the hall. Low and behold my card would work on any room in the building. Since then I've made a habit of testing my card on random, seemingly vacant rooms at other hotels. To my surprise I've had it actually work several times.

Now I deadbolt it when I'm in the room, and don't leaving anything valuable in there at all. I even keep my suitcase in the trunk when I leave if I have my car there. The hotel I had my honeymoon in didn't have a deadbolt or chain. Sure enough, the morning after our wedding cleanign tried to come in. Lucky for me I'm super paranoid so she just ended up slamming the door into the mini-fridge I'd slid in front of the door the previous night. Before I even had my pants on she was down there with their security manager trying to force the door open. I yelled "Go talk to the front desk before you break into my room morons" before forcing the door shut with my foot and holding it. They weren't happy. I now carry a wedge shaped piece of oak with me to any hotel.

Re:Doesnt matter

[Charliemopps]

I don't vote, read my sig.

I've had my house broken into before. You live in the same terrifying world I do. Most robberies involve drunk teenagers just trying front doors to see if they're unlocked. Sometimes they stumble into a surprised owner and things get out of hand. My uncle used to leave the door to his very rural house unlocked 24/7... that is until he woke up at 3am with a meth addict standing over him asking for a glass of water one night. An ounce of prevention...

Re:Doesnt matter

[koan]

Listen, just because you haven't had a bad experience doesn't mean you should be so insulting.

Or, because you had a bad experience and decided not to do anything about it in the future doesn't mean you should be so insulting.

Re:Doesnt matter

[Desiree+Hindenburg]

A tooth fell out from the guy's mouth and fell on dad. Too young to have rheumatoid arthritis. Too skinny to be diabetic. Thus – meth addict. LOL

Re:Doesnt matter

[dAzED1]

the reason he brought up voting was because of your sig. There was a point being made.

Hey - works for me!

[mmell]

This is why I travel with a handgun. Anybody wants to know what caliber can drop by my hotel room and let themselves in unannounced. If I happen to be there, I'll be more than happy to let them examine my munitions one round at a time - if not, well . . . I suppose they can have whatever they can carry away.

So as you can see, I would consider such a system to be secure - at least, secure enough for my purposes.

Re:Hey - works for me!

[Ksevio]

You sound insane

Re:Hey - works for me!

[Charliemopps]

Until you're gone for the day at... whatever it is you went there for... and they take said handgun, use it for a crime and then put it back. A hotel room is the absolute last place I'd leave mine.

Re:Hey - works for me!

[PoisOnouS]

Just don't travel to NJ. The fascists there will lock you up for having the temerity to own a gun.

Re:Hey - works for me!

[koan]

He does... you should probably buy a gun to protect yourself.

Re:Hey - works for me!

[mmell]

Who said anything about leaving the handgun in the room?

Re:Hey - works for me!

[mmell]

Yes, I know you do.

Re:Hey - works for me!

[Maow]

This is why I travel with a handgun.

You ought to try travelling to a civilized country sometime.

On the other hand, most of them probably don't want you, so never mind.

Re:Hey - works for me!

[mmell]

"Civilized country" . . . by which you mean somewhere in the "Old World", I assume? Or perhaps you meant the Third World? I always get those two confused.

No, thanks. I'd rather stay here in the "New World". You remember us - we're the guys who bailed y'all out something like seventy years ago when you were busy doing the genocide thing? It sure woulda been nice if the locals had been able to oppose governments that did things like that - but being "civilized" apparently means that would be a no-no, doesn't it?

Re:Hey - works for me!

[Maow]

"Civilized country" . . . by which you mean somewhere in the "Old World", I assume? Or perhaps you meant the Third World? I always get those two confused.

Wrong on both counts.

No, thanks. I'd rather stay here in the "New World". You remember us - we're the guys who bailed y'all out something like seventy years ago when you were busy doing the genocide thing?

Actually, while "we" (us New Worlders) were bailing out the "Old World", "you" were sitting on your asses watching the whole thing unfold for half the first instance and until the fight came to you in the second instance.

It sure woulda been nice if the locals had been able to oppose governments that did things like that - but being "civilized" apparently means that would be a no-no, doesn't it?

Yeah, and how's your armament helping you oppose the gubmint these days? Doesn't seem to have been working out for y'all, whether y'all includes American-borne slaves, anti-Vietnam protesters, civil forfeiture victims, Ferguson protesters with .50 cal rifles pointed at them, victims of the War on (Drugs | Terror | ...).

But y'all manage to keep your own numbers in check with all the guns, so carry on.

Re:Hey - works for me!

[mmell]

We will. Based on our military, geopolitical and economic strength, we will. I'm going to say we're doing something right. It ain't perfect - but it's a damned sight better than what I've seen elsewhere on the globe (and, yes...I've gone and looked firsthand).

Re:Funny

[jellomizer]

While they may find a hack. I expect like a lot of vulnerabilities, they are hard enough of a hack to keep you safer using this method then the previous ones.

If you want to get into a hotel room, there are ways to do it. Heck if you really want to get in, bypass the door all together and punch threw the sheet rock.

Vacation with nothing but a phone

[Overzeetop]

This is the potential future of convenience. With NFC and actual secure chips, you should be able to use your phone for ID verification, boarding passes, purchases, hotel rentals, rental car "keys", and everything else you need.

Properly implemented, it would have as much or more security than just about every other common form used for any of the areas above. Of course, we all know they're going to fumble the security part, so hopefully it won't be any worse that what we already have.

Re:Vacation with nothing but a phone

[ic3m4n1]

This is the potential future of convenience. With NFC and actual secure chips, you should be able to use your phone for ID verification, boarding passes, purchases, hotel rentals, rental car "keys", and everything else you need.

Properly implemented....

Not going near it until process is more transparent about data collection and retention practices and each activity is sand boxed properly.

Unfortunately not many can be bothered to check what they are getting themselves into and then need to cry together with other victims allowing Big Brother to step in and take advantage of fiasco with so called necessary security and safety measures for public benefit of all.

Re:Vacation with nothing but a phone

[Overzeetop]

What do you think they can do with the current mag-stripe cards? You've already given them a credit card number, your home pr business address, your telephone number, and you've accepted a card in which you have no idea what they've embedded but at the minimum they can easily track your entrances into the room through their computer system which is linked to their headquarters (Which is partnered with all of their brand flags as well as several travel related services like autos and flights) and your cc payment processor (which has a record of every CC purchase you've made).

Just deny the app any permissions you don't want it to have, and/or freeze it when you don't need it and thaw it just to unlock the door. If the app fails under those conditions, get the above mentioned swipe card. Unless you have Apple devices of course...in which case, you're fucked, but at that point you've already sold out so hard that worrying about Starwood knowing whos' in your phone list and where you went for dinner is the least of your worries.

New and interesting failure methods?

[TheBrez]

I was at a hotel chain about 10 years ago that was using magstripe cards for room entry. Checked in, walked up to my room, swiped my card, and got no green light. Tried it again, no light. Just out of curiosity, I tried the handle and the door opened. Called down to the front desk to let them know my card wasn't working right, and they sent a maintenance guy up to fix it. The fix, a torx screwdriver and 4 AA batteries. When the batteries went dead, the door defaulted to open. With insecurity by default, what's to stop someone from walking up to a door with a small power screwdriver, pulling a battery, and walking into your room in about the same time as it takes you to swipe a card and get in?

Re:New and interesting failure methods?

[internerdj]

I work in a building secured with magnetic doors. The reasoning behind default open is that if an emergency happens and the power system fails there is a higher liability for the doors to fail closed and rescuers be unable to reach victims than for the doors to fail open and someone break in.

Re:New and interesting failure methods?

[digitalPhant0m]

With insecurity by default, what's to stop someone from walking up to a door with a small power screwdriver, pulling a battery, and walking into your room in about the same time as it takes you to swipe a card and get in?

Wild guess: A small power screwdriver?

Re:New and interesting failure methods?

[Charliemopps]

Exactly... try your card in other doors while you're at it. I've been in multiple hotels where ANY card from the same hotel would open ANY door. The only real security they had was that the patrons thought the doors were locked so they didn't bother trying!

Re:New and interesting failure methods?

[twokay]

If the replies to this story are anything to to go by, there are a log of people on slashdot that spend their holidays trying to break into hotel rooms with badly configured electronic lock systems. Next time someone walks into my hotel room unannounced ill know where to come looking...

Re:Funny

[weilawei]

Shows how much you know about locks and chains.

</locksmith>

Honestly, this was possible 25 years ago

[Chocolate+Teapot]

With my first mobile phone, I could beat down the door on a bank vault. Hotel doors wouldn't stand a chance.

Re:Honestly, this was possible 25 years ago

[Chocolate+Teapot]

English can be a tricky language to master, but don't despair. I said "could" not "can", closely followed by "wouldn't" instead of "don't". Dude (or lady), if you require any additional help with the subtleties of past versus present tense, I'm sure there are a number of readers here who would be delighted to assist ;-)

RFID chip makes more sense

[gurps_npc]

Better than a card, as you don't have to swipe - the door just opens when you get within 2 feet.

Yes, it isn't as secure, but this is a hotel where all the maids and the front desk have keys anyway.

The real trick to security is not to maximize it, but instead to give the appropriate level of security for the situation.

What's the range?

[j2.718ff]

Can someone in the room next to mine wirelessly hack my door?

Any good locksmith will tell you that the best a lock can do is increase the amount of time it takes someone to break in -- it can't prevent the break in. But a person attempting to pick a lock in a hallway is a lot more conspicuous than a transmitter hidden next door.

Re:What's the range?

[pr0fessor]

Unless you are trying to not leave any traces a sheet-rock knife could cut a new door between hotel rooms and in just a few seconds. Some doors are sturdier but most doors are really easy to kick open just like in the movies. Windows are easy to break also. Most door locks are more of a suggestion than an actual security feature.

Data collection

[QuietLagoon]

I have to wonder what other data from your smartphone that hotel key app is collecting and sending on to "the cloud"...

Re:Data collection

[Charliemopps]

all of it

You insensitive clods!

[YrWrstNtmr]

I don't have a smartphone, by choice.

Seriously, though. Doing everything with that easily lost/stolen/dead battery phone just sounds like a bad idea to me. Monoculture, anyone?

Re:THIS

[bobbied]

Nothing will end well... Entropy always increases as energy runs down hill, eventually, there will be nothing left.

Your point was?

This is a great idea

[Kardos]

Hotel door app requires access to contacts, shared files, camera, microphone, GPS, SMS, internet, dropbox, google drive, online banking, ....

Re:This is a great idea

[Chocolate+Teapot]

Don't worry. Any attempt to electronically violate you as you try to enter your hotel room will certainly be thwarted by your tinfoil hat.

Re:This is a great idea

[Chocolate+Teapot]

I'm not it can't be abused. I simply believe that in this case the hotel are genuinely trying to improve security, and for a very good reason. Perhaps people should delve a little deeper before reaching for conspiracy theories.

Re:This is a great idea

[Chocolate+Teapot]

Don't simply copy someone else's comment regarding one particular rogue app and cite that as evidence that this hotel chain has more interest in misusing your data than preventing another one of their customers from being raped. You sir, are a moron.

Re:Funny

[FictionPimp]

Seeing as you can only use the chain if you are in the room (unless you have a trick for locking the chain after I leave the room). I would hope that all that noise wakes me up.

How hotel keys work now

[feenberg2303]

The current system is sufficient to purpose, but few people know how it works. Here is how: The lock stores a list of 10,000 keycodes in random order. The front desk has the same list. At installation (or reset) the lock will open for any of the first couple of codes on the list. Once a code is used, any code earlier on the list is no longer valid but the next few become valid. This way the front desk can issue a new code that will be accepted, without communicating with the lock itself. My own view is that if the new system allows one-hend entry, that is a big win.

Just my luck

[slapout]

Phone's dead. And the charger's in the room.

Re:Just my luck

[Jason+Levine]

Don't worry. The hotel can charge your phone for you... for a $50 phone charging convenience fee.

card key as backup

[roc97007]

How will this be implemented? Even in this day and age, I suspect there can be customers who do not have smartphones with bluetooth. (For instance, some people feel more comfortable carrying "dumb" phones that are less hackable and less prone to data breeches if stolen, because they don't have usable data on them.)

Having a card key as a backup to bluetooth would be ok for a pilot program, but over the long term it seems like such a dual system would not be significantly more secure than a card key only system.

So, how to accomodate non-smartphone users? Different floors with bluetooth vs card key? Just don't go to that hotel?

Re:card key as backup

[Kardos]

> So, how to accomodate non-smartphone users? Different floors with bluetooth vs card key? Just don't go to that hotel?

They could have a box of 'loaner phones' that they hand out...

Re:card key as backup

[roc97007]

> So, how to accomodate non-smartphone users? Different floors with bluetooth vs card key? Just don't go to that hotel?

They could have a box of 'loaner phones' that they hand out...

That's interesting. They could even create a custom device that did the lock/unlock only, (someone else mentioned a "card key with a CPU") but I suspect that would be more expensive (at least on the short term) than just handing out burner phones (in management-speak "leveraging existing technology") that are barely equal to the task, and then doing a factory reset on them when returned. (And charging an outrageous delayed charge on your amex bill if they're not.)

Re:card key as backup

[roc97007]

I guess, call me paranoid. It's worth money to me not to have a black box in my car. Or as someone else might have said I do not have it in my car. I do not have it in my (something else that rhymes with car). I do not (something that rhymes with "do not") sam I am. Wow, that's harder than it looks.

That's what front desks are for

[Overzeetop]

Leave your card, take your phone. If, by some chance, you manage to have a completely dead phone when you get back to the hotel, you just get a physical card from the front desk, or they plug in your phone for 2 minutes and you go up and get in normally.

Re:That's what front desks are for

[Kielistic]

I would count that as pretty annoying at ~3 or 4am while drunk or accompanied. Or even if you just want to find a bed; you don't end up with a dead phone from a short day.

Re:That's what front desks are for

[swillden]

I would count that as pretty annoying at ~3 or 4am while drunk or accompanied. Or even if you just want to find a bed; you don't end up with a dead phone from a short day.

Meh, if you're drunk you probably accidentally dropped your phone into the pocket with your key card at some point, which scrambled the low-coercivity magstripe, so you still have to stop at the front desk to get a new key anyway. I know that sequence is MUCH more likely than having a dead phone is for me... because I do it all the time, even without drinking.

Re:That's what front desks are for

[Neil+Boekend]

I call bullshit. Magstripe cards aren't easily wiped. You really have to use power to wipe them.
A phone ain't gonna cut it. The static electricity from your hand is more likely but under normal circumstances that isn't going to do anything either. Just put the card away when you're playing with VandeGraaf generators or Tesla coils.

Re:That's what front desks are for

[swillden]

I call bullshit. Magstripe cards aren't easily wiped. You really have to use power to wipe them. A phone ain't gonna cut it. The static electricity from your hand is more likely but under normal circumstances that isn't going to do anything either. Just put the card away when you're playing with VandeGraaf generators or Tesla coils.

You can call bullshit all you want... but I've done it dozens of times. If you want to reproduce it, just drop your card key in the same pocket as your phone and leave it there for a few hours. When you get back to your room, your card key won't work.

The reason this happens with card keys is because they have low coercivity magstripes, which makes them easy to rewrite. This is good because they get rewritten regularly. Your credit cards use high coercivity stripes and aren't nearly as vulnerable.

http://en.wikipedia.org/wiki/Magnetic_stripe_card#Magnetic_stripe_coercivity

Re:That's what front desks are for

[GNious]

I call bullshit. Magstripe cards aren't easily wiped. You really have to use power to wipe them.

As a frequent traveler for the last decade, my experience is that hotel keycards will easily get messed up, even when in a wallet.

In one particular upscale hotel (in the Mövenpick chain), I started going via the frontdesk every day to have my card re-written - it simply "lost" the encoding during the day, as in the evening it would fail to open my door. After several days of this, just having the front-desk rewrite the card every time we got back, was the simplest solution (getting a new card didn't help matters much either).

All this really does

[koan]

Is eventually force everyone to carry a smart phone, to do the simplest things.

Re:THIS

[koan]

Sarcasm?

Re:Funny

[weilawei]

Tap a pin into the door opposite the sliding chain or put a small hook (or even tape to the flat of the door) in the hinge if you dislike damage. Attach a (sturdy, long stretching) rubber band to the pin or hook. Exit room. Attach rubber band to the head of the sliding chain. Close door. Jiggle back and forth until it seats itself. May take a few tries. Open door (pulling chain into the lock) and snip rubber band.

Walk away. Use inverse procedure to enter.

The hook needs to be lined up directly across from the sliding latch. The rubber band needs to stretch enough to pull the chain straight over the hole, but not break too easily. You could also use a flat shim of metal through the hinge-side opening to hold the rubber band, allowing you to attach the rubber band to the chain before you exit, then pull the shim out to tighten it up/break the rubber band once it's seated.

You may now facepalm. I don't have a video of this trick, sadly. Always did like magic tricks though...

Re:Funny

[rubycodez]

I know plenty, breaking in makes noise.

Re:Funny

[weilawei]

And that's clearly stopped every burglar ever. Congratulations on solving the problem. Perhaps you can tackle cancer next?

More secure than cards

[rtkluttz]

The security for THEM can be more or less secure than current. I don't want their apps shuffling through my shit on my phone. The only way I would use something like this is if I was using Cyanogenmod and over-rode their apps security settings and kept it locked out of everything. I'm not even sure that is trustworthy enough for most crap though. There really needs to be a virtual phone within a phone that can keep each app sandboxed to what it thinks is an entire real phone.

Combine the Phone and Card Technologies

[Desiree+Hindenburg]

What we need is an independent programmable NFC circuitry on the phone, which could run of off the electricity induced by radio-waves in the reader (door lock). This way the NFC still works even when the phone’s battery is dead.

Re:Funny

[rubycodez]

No, my Glock 17 had to dissuade one that broke the chain 25 years ago

Re:Funny

[rubycodez]

Who leaves valuables in hotel room? victims I guess

IMHO You are right on the money, Nukenbar.

[bdwoolman]

No check-in access is what this is about. I recently checked into a Go Native hotel in London. This is a hybrid property that stands between a hotel and a service apartment. The rates were great. But this meant there was no-one on a night desk. Gaining access at my check in time (Midnight) was a PITA. I had to call the 24 hour number (a living human) to get an entry code for the front door (giving my reservation number as a parole). Then, at the same time, another one-off pin for a little lobby safe was given to me as well. In the little safe I found my key card and room number. I remember thinking at the time that a smartphone app for this type of budget or off hours property would be the ticket and wondered if Go Native had one I had missed (but I did not go so far as to consider the phone as the key itself). It all worked kludgy as it was. The accommodation was fine by the way. A bit like a really nice dorm.

As for real security in a hotel? Fugedaboudid. Especially If you are not in the room. If you are in the room, then use the deadbolt and the privacy lock. Really valuable stuff (if you happen to have it) should go in the hotel safe with a receipt. Or in the room safe. But, really, smart phones are are going to be at least as safe as those programmable cards, keys, Ving cards. A hotel room is shared quarters. Just use a black light if you don't believe me. On second thought you really don't want to use a black light.. Hertz Gold rent a car lets you grab the wheels and go without a counter check in (the bonafides are done up front when you join the program). So this is kinda cool. Get your room number by text and download your BT access code into your app and you are set -- and nobody needs to see you... or your date.

Insane . . . and heavily armed.

[mmell]

Doesn't that make you feel just dandy?

Great idea

[Trogre]

And I'm sure it will work well.

Right up until your battery dies as you're walking back to your room late at night.

Re:Well...

[Chocolate+Teapot]

He wouldn't need to. He would simply wait until the cleaning staff were in with the door propped open with a trolley. At that point he just walks in and acts like it's his room and asks for five minutes privacy while he takes a shower. Naturally they leave him alone in the room.

nothing is 100% secure

[markhahn]

In a just universe, whenever some knob uttered a platitude like that, they'd be struck by lightning or a meteor or turned into a pillar of salt.

yes, I definitely would prefer a potentially secure wireless protocol over an obviously insecure physical key. this is a no-brainer! even better: make it a public, *STANDARD* secure wireless protocol, preferably exactly the same one I use to authorize NFC payments from my phone.