Slashdot Mirror

← Back to Stories (view on slashdot.org)

Smartphone App To Be Used As Hotel Room Keys

Posted by samzenpus on from the dial-r-for-room dept.

An anonymous reader writes Starwood Hotels and Resorts has became the first chain to let guests unlock doors with their phones at 10 Aloft, Element and W hotels. They hope to expand the program to 140 more properties in those brands by the middle of next year. From the article: "The technology's developer says that it uses its own encrypted secure channel to ensure thieves cannot abuse the innovation. But one expert had reservations. "Nothing is 100% secure, and once this technology is in widespread use it will make a very tasty target for hackers," said Prof Alan Woodward from the University of Surrey's department of computing.

16 of 150 comments (clear)

  1. More secure than cards by Rosyna · · Score: 5, Informative

    With an active CPU behind it, certainly this system can be more secure than the current card system. Also means much less chance of leaving the card in the room and less money spent replacing lost cards.

    1. Re:More secure than cards by hsmith · · Score: 5, Insightful

      "can be" is the keyword there... Seeing how easily previous systems were compromised this doesn't have much promise behind it.

    2. Re:More secure than cards by Kielistic · · Score: 5, Interesting

      Also means much less chance of leaving the card in the room

      But now having a dead phone after a late night of drinking/whatever just got a whole lot more annoying.

    3. Re:More secure than cards by CastrTroy · · Score: 5, Insightful

      I could be less convenient in many ways though. For one thing, this means that I have to bring my phone with me when I go to the pool or the gym. Also, I don't think that the current cards are that expensive to replace. If they were, they could just charge the client for unreturned or lost cards, same as if other things in the room go missing.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    4. Re:More secure than cards by Kielistic · · Score: 4, Insightful

      At that point it's pretty much just a novelty. If I have to carry the key-card as a backup anyway (which would be smart) I'd rather just have an RFID enabled card and wave my wallet in front of the lock. If I have the card there is no security bonus form the more programmable phone since the card has to work also.

      Although having redundancy on your person does have its benefits if you did happen to lose one or the other while out and about.

    5. Re:More secure than cards by SeaFox · · Score: 5, Insightful

      With an active CPU behind it, certainly this system can be more secure than the current card system.

      Which means little unless they disable the old system. Much like changing the design of currency to thwart counterfeiters is worthless unless you devalue bills with the old design. The chain of security is only as strong as its weakest link.

  2. It's Own Encrypted Secure Channel by sexconker · · Score: 5, Insightful

    It's using it's own, encrypted, secure channel that happens to be accessible from my phone.
    So it's handled by NFC, Bluetooth, Wifi, the cell radio, the speakers, or the display, in that order of likelihood.

    The communication channel is the least of their worries, however. With only a little bit of effort, these can all be implemented more securely than magstrip cards.

    The problem is that it'll all be accessible by an internet-connected PC at the front desk, allowing a remote (or local) attacker to create a master key on their phone, no magstripe hardware needed.

  3. Wait till the phone battery goes flat by uksv29 · · Score: 4, Insightful

    "I'll put my phone on charge. Oh dear the charger is in my hotel room".

    You just know how this will end.

  4. Trust us ... by gstoddart · · Score: 5, Insightful

    The technology's developer says that it uses its own encrypted secure channel to ensure thieves cannot abuse the innovation

    It's secure, trust us ... and you'll also have to trust we won't abuse the access to your phone for our own purposes.

    Yeah, sorry, no ... no interest in installing an app for something like this. Give me an old school key card.

    Other than saying "ZOMG, teh smart phone opens teh hotel door" ... I really don't see the point. And I really don't see why we'd trust them.

    --
    Lost at C:>. Found at C.
  5. Doesnt matter by Charliemopps · · Score: 5, Interesting

    It doesn't matter. The current card security system is as about as insecure as it could possibly get and still have a door in the frame.

    After an incident at a hotel a few years ago where our door lock failed and ruined our stay... and a subsequent discussion with their maintenance man about how the card systems work I had a suspicion and tried my card on the room across the hall. Low and behold my card would work on any room in the building. Since then I've made a habit of testing my card on random, seemingly vacant rooms at other hotels. To my surprise I've had it actually work several times.

    Now I deadbolt it when I'm in the room, and don't leaving anything valuable in there at all. I even keep my suitcase in the trunk when I leave if I have my car there. The hotel I had my honeymoon in didn't have a deadbolt or chain. Sure enough, the morning after our wedding cleanign tried to come in. Lucky for me I'm super paranoid so she just ended up slamming the door into the mini-fridge I'd slid in front of the door the previous night. Before I even had my pants on she was down there with their security manager trying to force the door open. I yelled "Go talk to the front desk before you break into my room morons" before forcing the door shut with my foot and holding it. They weren't happy. I now carry a wedge shaped piece of oak with me to any hotel.

  6. New and interesting failure methods? by TheBrez · · Score: 5, Insightful

    I was at a hotel chain about 10 years ago that was using magstripe cards for room entry. Checked in, walked up to my room, swiped my card, and got no green light. Tried it again, no light. Just out of curiosity, I tried the handle and the door opened. Called down to the front desk to let them know my card wasn't working right, and they sent a maintenance guy up to fix it. The fix, a torx screwdriver and 4 AA batteries. When the batteries went dead, the door defaulted to open. With insecurity by default, what's to stop someone from walking up to a door with a small power screwdriver, pulling a battery, and walking into your room in about the same time as it takes you to swipe a card and get in?

    1. Re:New and interesting failure methods? by internerdj · · Score: 5, Informative

      I work in a building secured with magnetic doors. The reasoning behind default open is that if an emergency happens and the power system fails there is a higher liability for the doors to fail closed and rescuers be unable to reach victims than for the doors to fail open and someone break in.

  7. Re:Funny by weilawei · · Score: 5, Interesting

    Shows how much you know about locks and chains.

    </locksmith>

  8. Re:Hey - works for me! by Ksevio · · Score: 4, Insightful

    You sound insane

  9. You insensitive clods! by YrWrstNtmr · · Score: 4, Interesting

    I don't have a smartphone, by choice.

    Seriously, though. Doing everything with that easily lost/stolen/dead battery phone just sounds like a bad idea to me. Monoculture, anyone?

  10. This is a great idea by Kardos · · Score: 5, Insightful

    Hotel door app requires access to contacts, shared files, camera, microphone, GPS, SMS, internet, dropbox, google drive, online banking, ....