Getting into your hotel room after a night on the town? There could be an app for that

August 13, 2014 by Bill Buchanan, The Conversation
Argh. I can see the key right there. Credit: Isabelle Anne, CC BY-NC-SA

The smartphone continues its rise and rise as the device of choice for our everyday activities. Our keys used to be the one thing we would have to carry around with us at all times and losing them would be a real headache. But in the information age, the phone is becoming our pass key.

It stands to reason then that at some point, we will use our phones instead of a key. It could then replace those annoying white pieces of plastic you get when you check into a hotel and then lock in your room the first time you go out. Trials are underway to integrate smartphones into hotel visits.

Smartphones have found their way into all kinds of places – even airports. But the hotel is a tough nut to crack. A slip up here could be costly and security is tight. It speaks volumes, then, that the Hilton hotel chain has started to allow guests to use their smartphones to select their room and to check in.

The decision was based on research that users wanted more control of their bookings, and the smartphone was the device of choice for setting this up. The next step is to extend the use of smartphones to enable people to use them to unlock their room. Hilton plans to implement this across 4,000 hotels in 80 different countries by 2016.

There is much to do before technology like this becomes the standard though. In September 2012, a Dell consultant had her laptop stolen from a Hyatt hotel room in Houston when a thief exploited a security flaw in the hotel's digital lock system. This was not a but it just goes to show that people can and will try to hack into digital systems of all kinds. The vulnerability for this lock had even been publicly disclosed in July that year at a Black Hat security conference. While the flaw had been patched within a month, the hotel in question had not implemented it, leaving guests vulnerable.

Of course these days, we buy our software in the form of apps from an app store. We can thus expect to see lock apps and key apps popping up just as soon as developers think they're onto a winner. The downside is of course that it will only be a matter of time before a whole range of other apps, focusing on lock picking, also appear. If the past has taught us anything, it's that as long as there is a vulnerable element in the overall infrastructure, it will be exploited by some budding security specialist wishing to either showcase their talent or to make a fast buck.

And unfortunately, across app development, there is often too much focus on whether users like the technology and not as much time spent on testing it out for safety. That said, as long as we're all aware that we are kicking the tyres of a new technology as we go, this is not necessarily a bad thing. If we accept that the system will have flaws as it develops, we might agree that it will be worth trying it out to help produce a better version. We all become part of a great big beta project.

Digital locks are always likely to have vulnerabilities, in the same way that physical locks do, so it's important that hotels monitor vulnerability reports, and make sure that they update their systems with patches, otherwise there may be a whole lot of people sniffing around their rooms with rooted apps on their smartphone.

One thing we need to do is to make sure that people creating the apps, and the companies selling them, are actually trained in software security testing. Secrets about lock picking have been passed on from thief to thief over centuries but the internet is a much more open place. Secrets are disseminated and acted upon in short time periods and there's little that can be done about it.

Hotels and indeed any other companies that want to use locks need to adapt to this. Buying a lock system for them will no longer be a one-off investment. A hotel will need to keep abreast of developments and respond to emerging security threats. If it does though, it could win over a lot of customers.

Explore further: In a Stockholm hotel, mobile phones replace room keys

Related Stories

In a Stockholm hotel, mobile phones replace room keys

November 2, 2010

Check-in and check-out and even opening the door to your room -- a mobile phone is the only key you need at a Stockholm hotel conducting a pilot project of new mobile applications, the participating companies said Tuesday.

Security CTO to detail Android Fake ID flaw at Black Hat

July 29, 2014

Where have you heard this before: A team of security researchers discover a security flaw in Android devices. This is, however, news. This time, experts are talking about a flaw that involves a widespread vulnerability dating ...

Malware worms its way into more apps, study finds

June 24, 2014

Malicious software is increasingly making its way into mobile phones through "cloned" versions of popular apps, and software weaknesses in legitimate ones, security researchers said Tuesday.

Recommended for you

World's biggest battery in Australia to trump Musk's

March 16, 2018

British billionaire businessman Sanjeev Gupta will built the world's biggest battery in South Australia, officials said Friday, overtaking US star entrepreneur Elon Musk's project in the same state last year.

1 in 3 Michigan workers tested opened fake 'phishing' email

March 16, 2018

Michigan auditors who conducted a fake "phishing" attack on 5,000 randomly selected state employees said Friday that nearly one-third opened the email, a quarter clicked on the link and almost one-fifth entered their user ...

Origami-inspired self-locking foldable robotic arm

March 15, 2018

A research team of Seoul National University led by Professor Kyu-Jin Cho has developed an origami-inspired robotic arm that is foldable, self-assembling and also highly-rigid. (The researchers include Suk-Jun Kim, Dae-Young ...


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.