Slashdot Mirror

← Back to Stories (view on slashdot.org)

Smartphone App To Be Used As Hotel Room Keys

Posted by samzenpus on from the dial-r-for-room dept.

An anonymous reader writes Starwood Hotels and Resorts has became the first chain to let guests unlock doors with their phones at 10 Aloft, Element and W hotels. They hope to expand the program to 140 more properties in those brands by the middle of next year. From the article: "The technology's developer says that it uses its own encrypted secure channel to ensure thieves cannot abuse the innovation. But one expert had reservations. "Nothing is 100% secure, and once this technology is in widespread use it will make a very tasty target for hackers," said Prof Alan Woodward from the University of Surrey's department of computing.

36 of 150 comments (clear)

  1. More secure than cards by Rosyna · · Score: 5, Informative

    With an active CPU behind it, certainly this system can be more secure than the current card system. Also means much less chance of leaving the card in the room and less money spent replacing lost cards.

    1. Re:More secure than cards by hsmith · · Score: 5, Insightful

      "can be" is the keyword there... Seeing how easily previous systems were compromised this doesn't have much promise behind it.

    2. Re:More secure than cards by Kielistic · · Score: 5, Interesting

      Also means much less chance of leaving the card in the room

      But now having a dead phone after a late night of drinking/whatever just got a whole lot more annoying.

    3. Re:More secure than cards by mythosaz · · Score: 3, Insightful

      Unless all guests are expected to have smartphones as a requirement of occupancy, I imagine you'll get plain old room keys too.

    4. Re:More secure than cards by CastrTroy · · Score: 5, Insightful

      I could be less convenient in many ways though. For one thing, this means that I have to bring my phone with me when I go to the pool or the gym. Also, I don't think that the current cards are that expensive to replace. If they were, they could just charge the client for unreturned or lost cards, same as if other things in the room go missing.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    5. Re:More secure than cards by Kielistic · · Score: 4, Insightful

      At that point it's pretty much just a novelty. If I have to carry the key-card as a backup anyway (which would be smart) I'd rather just have an RFID enabled card and wave my wallet in front of the lock. If I have the card there is no security bonus form the more programmable phone since the card has to work also.

      Although having redundancy on your person does have its benefits if you did happen to lose one or the other while out and about.

    6. Re:More secure than cards by SeaFox · · Score: 5, Insightful

      With an active CPU behind it, certainly this system can be more secure than the current card system.

      Which means little unless they disable the old system. Much like changing the design of currency to thwart counterfeiters is worthless unless you devalue bills with the old design. The chain of security is only as strong as its weakest link.

    7. Re:More secure than cards by roc97007 · · Score: 2

      > With an active CPU behind it, certainly this system can be more secure than the current card system.

      That was my first thought. Such a system, for several reasons, has the potential of being significantly more secure.

      The counter-argument might be that it depends entirely on the implementation. Whether an *effective* solution is generated, or just a solution that's convenient and looks secure, is an open question. Also whether such a solution has a back door or a weakness that can be globally exploited. I think this is a good thing, but I wouldn't want to bet my possessions on it until it had been in the field for awhile and experts had evaluated it for weaknesses.

      I understand we're not talking about an airplane falling out of the sky, but as a person who travels with expensive equipment, door security is somewhat important to me.

      > Also means much less chance of leaving the card in the room

      For most people, although I'm related to people who regularly leave their phone behind when they leave the house. (Wife and daughter, mostly.) (And yes, a young lady without her smartphone in this age is a big deal, but that doesn't stop her from leaving it behind regularly. And of course it's a tragedy each time...)

      > and less money spent replacing lost cards.

      This is probably less significant. A little googling shows that you can get card keys printed with your logo for $0.02 apiece in quantity, making it cheaper than the monogrammed pens they give away.

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    8. Re:More secure than cards by neokushan · · Score: 2

      Depends on the cards you speak of. The kind used in EMV chip cards (Credit/Debit mostly outside the US for now), which are also contactless, can be had for about £3 a pop, probably less in bulk.

      --
      +1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
    9. Re:More secure than cards by dAzED1 · · Score: 2

      First, your phone is amazingly insecure - unless you have one of the ones dedicated to security. The most valuable thing you have is you - the who of who you are. Trusting that identity to your phone is...spectacularly foolish. Second, most people don't have a phone that could survive a trip to the hotel pool or hot tub, whereas the throwaway cards can do just that, just fine.

      If someone breaks the card's security, the worst you're out is the stuff in your room. The more you stuff into your phone, then the worst that could happen is you aren't you anymore.

  2. SPG = Special Patrol Group by TechyImmigrant · · Score: 2

    I was at a Starwood hotel two weeks ago and I was not offered such an opportunity.

    I feel robbed.

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.
  3. It's Own Encrypted Secure Channel by sexconker · · Score: 5, Insightful

    It's using it's own, encrypted, secure channel that happens to be accessible from my phone.
    So it's handled by NFC, Bluetooth, Wifi, the cell radio, the speakers, or the display, in that order of likelihood.

    The communication channel is the least of their worries, however. With only a little bit of effort, these can all be implemented more securely than magstrip cards.

    The problem is that it'll all be accessible by an internet-connected PC at the front desk, allowing a remote (or local) attacker to create a master key on their phone, no magstripe hardware needed.

    1. Re:It's Own Encrypted Secure Channel by boristdog · · Score: 2

      And then anyone can steal my underpants.

      And guess what? No matter how secure the system is, the underpaid housekeeping and maintenance staff can still go in whenever they want.

  4. Hackability of hotel locks by Cid+Highwind · · Score: 2

    An app can hardly be less secure than the current system. Knowing the target's name and room number is all it takes to "hack" most hotel locks - just ask the front desk clerk to make you a new key!

    --
    0 1 - just my two bits
    1. Re:Hackability of hotel locks by Charliemopps · · Score: 2

      Yea no... you sign a waver when you check in. They could fill your room with wild hyenas and all that'd happen is your estate would get charged for cleaning the blood off the walls.

  5. Wait till the phone battery goes flat by uksv29 · · Score: 4, Insightful

    "I'll put my phone on charge. Oh dear the charger is in my hotel room".

    You just know how this will end.

  6. Trust us ... by gstoddart · · Score: 5, Insightful

    The technology's developer says that it uses its own encrypted secure channel to ensure thieves cannot abuse the innovation

    It's secure, trust us ... and you'll also have to trust we won't abuse the access to your phone for our own purposes.

    Yeah, sorry, no ... no interest in installing an app for something like this. Give me an old school key card.

    Other than saying "ZOMG, teh smart phone opens teh hotel door" ... I really don't see the point. And I really don't see why we'd trust them.

    --
    Lost at C:>. Found at C.
  7. Doesnt matter by Charliemopps · · Score: 5, Interesting

    It doesn't matter. The current card security system is as about as insecure as it could possibly get and still have a door in the frame.

    After an incident at a hotel a few years ago where our door lock failed and ruined our stay... and a subsequent discussion with their maintenance man about how the card systems work I had a suspicion and tried my card on the room across the hall. Low and behold my card would work on any room in the building. Since then I've made a habit of testing my card on random, seemingly vacant rooms at other hotels. To my surprise I've had it actually work several times.

    Now I deadbolt it when I'm in the room, and don't leaving anything valuable in there at all. I even keep my suitcase in the trunk when I leave if I have my car there. The hotel I had my honeymoon in didn't have a deadbolt or chain. Sure enough, the morning after our wedding cleanign tried to come in. Lucky for me I'm super paranoid so she just ended up slamming the door into the mini-fridge I'd slid in front of the door the previous night. Before I even had my pants on she was down there with their security manager trying to force the door open. I yelled "Go talk to the front desk before you break into my room morons" before forcing the door shut with my foot and holding it. They weren't happy. I now carry a wedge shaped piece of oak with me to any hotel.

    1. Re:Doesnt matter by Charliemopps · · Score: 2

      I don't vote, read my sig.

      I've had my house broken into before. You live in the same terrifying world I do. Most robberies involve drunk teenagers just trying front doors to see if they're unlocked. Sometimes they stumble into a surprised owner and things get out of hand. My uncle used to leave the door to his very rural house unlocked 24/7... that is until he woke up at 3am with a meth addict standing over him asking for a glass of water one night. An ounce of prevention...

    2. Re:Doesnt matter by dAzED1 · · Score: 2

      the reason he brought up voting was because of your sig. There was a point being made.

  8. Vacation with nothing but a phone by Overzeetop · · Score: 3, Insightful

    This is the potential future of convenience. With NFC and actual secure chips, you should be able to use your phone for ID verification, boarding passes, purchases, hotel rentals, rental car "keys", and everything else you need.

    Properly implemented, it would have as much or more security than just about every other common form used for any of the areas above. Of course, we all know they're going to fumble the security part, so hopefully it won't be any worse that what we already have.

    --
    Is it just my observation, or are there way too many stupid people in the world?
  9. New and interesting failure methods? by TheBrez · · Score: 5, Insightful

    I was at a hotel chain about 10 years ago that was using magstripe cards for room entry. Checked in, walked up to my room, swiped my card, and got no green light. Tried it again, no light. Just out of curiosity, I tried the handle and the door opened. Called down to the front desk to let them know my card wasn't working right, and they sent a maintenance guy up to fix it. The fix, a torx screwdriver and 4 AA batteries. When the batteries went dead, the door defaulted to open. With insecurity by default, what's to stop someone from walking up to a door with a small power screwdriver, pulling a battery, and walking into your room in about the same time as it takes you to swipe a card and get in?

    1. Re:New and interesting failure methods? by internerdj · · Score: 5, Informative

      I work in a building secured with magnetic doors. The reasoning behind default open is that if an emergency happens and the power system fails there is a higher liability for the doors to fail closed and rescuers be unable to reach victims than for the doors to fail open and someone break in.

    2. Re:New and interesting failure methods? by digitalPhant0m · · Score: 2

      With insecurity by default, what's to stop someone from walking up to a door with a small power screwdriver, pulling a battery, and walking into your room in about the same time as it takes you to swipe a card and get in?

      Wild guess: A small power screwdriver?

    3. Re:New and interesting failure methods? by Charliemopps · · Score: 2

      Exactly... try your card in other doors while you're at it. I've been in multiple hotels where ANY card from the same hotel would open ANY door. The only real security they had was that the patrons thought the doors were locked so they didn't bother trying!

    4. Re:New and interesting failure methods? by twokay · · Score: 2

      If the replies to this story are anything to to go by, there are a log of people on slashdot that spend their holidays trying to break into hotel rooms with badly configured electronic lock systems. Next time someone walks into my hotel room unannounced ill know where to come looking...

      --
      Wannabe nerd.
  10. Re:Funny by weilawei · · Score: 5, Interesting

    Shows how much you know about locks and chains.

    </locksmith>

  11. Honestly, this was possible 25 years ago by Chocolate+Teapot · · Score: 3, Funny

    With my first mobile phone, I could beat down the door on a bank vault. Hotel doors wouldn't stand a chance.

    --
    Modest doubt is called the beacon of the wise. - William Shakespeare
  12. Re:Hey - works for me! by Ksevio · · Score: 4, Insightful

    You sound insane

  13. What's the range? by j2.718ff · · Score: 2

    Can someone in the room next to mine wirelessly hack my door?

    Any good locksmith will tell you that the best a lock can do is increase the amount of time it takes someone to break in -- it can't prevent the break in. But a person attempting to pick a lock in a hallway is a lot more conspicuous than a transmitter hidden next door.

  14. You insensitive clods! by YrWrstNtmr · · Score: 4, Interesting

    I don't have a smartphone, by choice.

    Seriously, though. Doing everything with that easily lost/stolen/dead battery phone just sounds like a bad idea to me. Monoculture, anyone?

  15. Re:THIS by bobbied · · Score: 2

    Nothing will end well... Entropy always increases as energy runs down hill, eventually, there will be nothing left.

    Your point was?

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  16. This is a great idea by Kardos · · Score: 5, Insightful

    Hotel door app requires access to contacts, shared files, camera, microphone, GPS, SMS, internet, dropbox, google drive, online banking, ....

  17. How hotel keys work now by feenberg2303 · · Score: 2

    The current system is sufficient to purpose, but few people know how it works. Here is how: The lock stores a list of 10,000 keycodes in random order. The front desk has the same list. At installation (or reset) the lock will open for any of the first couple of codes on the list. Once a code is used, any code earlier on the list is no longer valid but the next few become valid. This way the front desk can issue a new code that will be accepted, without communicating with the lock itself. My own view is that if the new system allows one-hend entry, that is a big win.

  18. Re:Hey - works for me! by koan · · Score: 2

    He does... you should probably buy a gun to protect yourself.

    --
    "If any question why we died, Tell them because our fathers lied."
  19. Re:That's what front desks are for by swillden · · Score: 2

    I call bullshit. Magstripe cards aren't easily wiped. You really have to use power to wipe them. A phone ain't gonna cut it. The static electricity from your hand is more likely but under normal circumstances that isn't going to do anything either. Just put the card away when you're playing with VandeGraaf generators or Tesla coils.

    You can call bullshit all you want... but I've done it dozens of times. If you want to reproduce it, just drop your card key in the same pocket as your phone and leave it there for a few hours. When you get back to your room, your card key won't work.

    The reason this happens with card keys is because they have low coercivity magstripes, which makes them easy to rewrite. This is good because they get rewritten regularly. Your credit cards use high coercivity stripes and aren't nearly as vulnerable.

    http://en.wikipedia.org/wiki/Magnetic_stripe_card#Magnetic_stripe_coercivity

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.