Getting into your hotel room after a night on the town? There could be an app for that

Aug 13, 2014 by Bill Buchanan, The Conversation
Argh. I can see the key right there. Credit: Isabelle Anne, CC BY-NC-SA

The smartphone continues its rise and rise as the device of choice for our everyday activities. Our keys used to be the one thing we would have to carry around with us at all times and losing them would be a real headache. But in the information age, the phone is becoming our pass key.

It stands to reason then that at some point, we will use our phones instead of a key. It could then replace those annoying white pieces of plastic you get when you check into a hotel and then lock in your room the first time you go out. Trials are underway to integrate smartphones into hotel visits.

Smartphones have found their way into all kinds of places – even airports. But the hotel is a tough nut to crack. A slip up here could be costly and security is tight. It speaks volumes, then, that the Hilton hotel chain has started to allow guests to use their smartphones to select their room and to check in.

The decision was based on research that users wanted more control of their bookings, and the smartphone was the device of choice for setting this up. The next step is to extend the use of smartphones to enable people to use them to unlock their room. Hilton plans to implement this across 4,000 hotels in 80 different countries by 2016.

There is much to do before technology like this becomes the standard though. In September 2012, a Dell consultant had her laptop stolen from a Hyatt hotel room in Houston when a thief exploited a security flaw in the hotel's digital lock system. This was not a but it just goes to show that people can and will try to hack into digital systems of all kinds. The vulnerability for this lock had even been publicly disclosed in July that year at a Black Hat security conference. While the flaw had been patched within a month, the hotel in question had not implemented it, leaving guests vulnerable.

Of course these days, we buy our software in the form of apps from an app store. We can thus expect to see lock apps and key apps popping up just as soon as developers think they're onto a winner. The downside is of course that it will only be a matter of time before a whole range of other apps, focusing on lock picking, also appear. If the past has taught us anything, it's that as long as there is a vulnerable element in the overall infrastructure, it will be exploited by some budding security specialist wishing to either showcase their talent or to make a fast buck.

And unfortunately, across app development, there is often too much focus on whether users like the technology and not as much time spent on testing it out for safety. That said, as long as we're all aware that we are kicking the tyres of a new technology as we go, this is not necessarily a bad thing. If we accept that the system will have flaws as it develops, we might agree that it will be worth trying it out to help produce a better version. We all become part of a great big beta project.

Digital locks are always likely to have vulnerabilities, in the same way that physical locks do, so it's important that hotels monitor vulnerability reports, and make sure that they update their systems with patches, otherwise there may be a whole lot of people sniffing around their rooms with rooted apps on their smartphone.

One thing we need to do is to make sure that people creating the apps, and the companies selling them, are actually trained in software security testing. Secrets about lock picking have been passed on from thief to thief over centuries but the internet is a much more open place. Secrets are disseminated and acted upon in short time periods and there's little that can be done about it.

Hotels and indeed any other companies that want to use locks need to adapt to this. Buying a lock system for them will no longer be a one-off investment. A hotel will need to keep abreast of developments and respond to emerging security threats. If it does though, it could win over a lot of customers.

Explore further: Security CTO to detail Android Fake ID flaw at Black Hat

add to favorites email to friend print save as pdf

Related Stories

In a Stockholm hotel, mobile phones replace room keys

Nov 02, 2010

Check-in and check-out and even opening the door to your room -- a mobile phone is the only key you need at a Stockholm hotel conducting a pilot project of new mobile applications, the participating companies ...

Security CTO to detail Android Fake ID flaw at Black Hat

Jul 29, 2014

Where have you heard this before: A team of security researchers discover a security flaw in Android devices. This is, however, news. This time, experts are talking about a flaw that involves a widespread ...

Malware worms its way into more apps, study finds

Jun 24, 2014

Malicious software is increasingly making its way into mobile phones through "cloned" versions of popular apps, and software weaknesses in legitimate ones, security researchers said Tuesday.

Recommended for you

Hit 'Just Dance' game goes mobile Sept. 25

Sep 18, 2014

Smartphone lovers will get to show off moves almost anywhere with the Sept. 25 release of a free "Just Dance Now" game tuned for mobile Internet lifestyles.

Indie game developers sprouting at Tokyo Game Show

Sep 18, 2014

Nestled among the industry giants at the Tokyo Game Show Thursday are a growing number of small and independent games developers from Asia and Europe, all hoping they are sitting on the next Minecraft.

Review: Ambitious 'Destiny' lacks imagination

Sep 18, 2014

Midway through "Destiny," the new science fiction epic from "Halo" creators Bungie, a smug prince is musing on the hero's desire to visit a mysterious site on Mars.

User comments : 0