The smartphone continues its rise and rise as the device of choice for our everyday activities. Our keys used to be the one thing we would have to carry around with us at all times and losing them would be a real headache. But in the information age, the phone is becoming our pass key.
It stands to reason then that at some point, we will use our phones instead of a key. It could then replace those annoying white pieces of plastic you get when you check into a hotel and then lock in your room the first time you go out. Trials are underway to integrate smartphones into hotel visits.
Smartphones have found their way into all kinds of places – even airports. But the hotel is a tough nut to crack. A slip up here could be costly and security is tight. It speaks volumes, then, that the Hilton hotel chain has started to allow guests to use their smartphones to select their room and to check in.
The decision was based on research that users wanted more control of their bookings, and the smartphone was the device of choice for setting this up. The next step is to extend the use of smartphones to enable people to use them to unlock their room. Hilton plans to implement this across 4,000 hotels in 80 different countries by 2016.
There is much to do before technology like this becomes the standard though. In September 2012, a Dell consultant had her laptop stolen from a Hyatt hotel room in Houston when a thief exploited a security flaw in the hotel’s digital lock system. This was not a smartphone application but it just goes to show that people can and will try to hack into digital systems of all kinds. The vulnerability for this lock had even been publicly disclosed in July that year at a Black Hat security conference. While the flaw had been patched within a month, the hotel in question had not implemented it, leaving guests vulnerable.
Of course these days, we buy our software in the form of apps from an app store. We can thus expect to see lock apps and key apps popping up just as soon as developers think they’re onto a winner. The downside is of course that it will only be a matter of time before a whole range of other apps, focusing on lock picking, also appear. If the past has taught us anything, it’s that as long as there is a vulnerable element in the overall infrastructure, it will be exploited by some budding security specialist wishing to either showcase their talent or to make a fast buck.
And unfortunately, across app development, there is often too much focus on whether users like the technology and not as much time spent on testing it out for safety. That said, as long as we’re all aware that we are kicking the tyres of a new technology as we go, this is not necessarily a bad thing. If we accept that the system will have flaws as it develops, we might agree that it will be worth trying it out to help produce a better version. We all become part of a great big beta project.
Digital locks are always likely to have vulnerabilities, in the same way that physical locks do, so it’s important that hotels monitor vulnerability reports, and make sure that they update their systems with patches, otherwise there may be a whole lot of people sniffing around their rooms with rooted apps on their smartphone.
One thing we need to do is to make sure that people creating the apps, and the companies selling them, are actually trained in software security testing. Secrets about lock picking have been passed on from thief to thief over centuries but the internet is a much more open place. Secrets are disseminated and acted upon in short time periods and there’s little that can be done about it.
Hotels and indeed any other companies that want to use smartphone locks need to adapt to this. Buying a lock system for them will no longer be a one-off investment. A hotel will need to keep abreast of developments and respond to emerging security threats. If it does though, it could win over a lot of customers.