
The New Hotel Key: Your Smartphone

35 points | ghosh | 12 years ago | online.wsj.com

39 comments

[+] blueskin_|12 years ago|reply
If this happens, I will hide my phone and insist I don't have one until they give me a real key.

This is a complete privacy and security nightmare both from the potential of cracking it and from installing an app that will probably grab every permission it can.

It's also going to be entertaining seeing people with dead batteries begging a charge from people in the lobby.

[+] VLM|12 years ago|reply
Just place a "special" charger in the lobby that charges, but also powns the phone and gathers not just all their precious data but gains access to their room. They might not have much to steal, but you'll know there's at least a phone to take.

My guess is because none of the crypto is mentioned, it's probably some self-developed snake oil, so you might not even need to own their phone. Could be as simple as "bluetooth address whatever, which happens to be in the central DB whitelist, says open sesame" and the door opens.

Amusingly I have a moto-X and my BT addrs is 1 less than my wifi MAC so if the security protocol is weak enough to depend on BT addrs, you could sniff the wireless for a while and then just subtract 1 from each sniffed wifi MAC and have some fun with known good BT addrs. Or perhaps on other phones BT addrs = wifi + 1 instead of minus 1. Whatever.
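
Added example, not part of the thread and not the hotel's actual protocol (the article does not describe it): a sketch of why a lock that trusts a claimed Bluetooth address fails against anyone who has observed that address, while a per-stay secret with a fresh challenge does not. The class names, the address and the key are hypothetical, constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample values, not taken from any real lock or phone.
GUEST_BT_ADDR = "AA:BB:CC:11:22:33"
ROOM_KEY = secrets.token_bytes(32)  # per-stay secret provisioned to the guest's app


class WhitelistLock:
    """Weak design: the claimed address is the whole credential."""
    def __init__(self, allowed):
        self.allowed = set(allowed)

    def try_open(self, claimed_addr):
        return claimed_addr in self.allowed


class ChallengeResponseLock:
    """Lock issues a single-use nonce; the app proves knowledge of the key."""
    def __init__(self, key):
        self.key = key
        self.pending = None

    def challenge(self):
        self.pending = secrets.token_bytes(16)
        return self.pending

    def try_open(self, response):
        nonce, self.pending = self.pending, None  # consume the nonce
        if nonce is None:
            return False
        expected = hmac.new(self.key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def app_respond(key, nonce):
    return hmac.new(key, nonce, hashlib.sha256).digest()


def demo():
    results = {}
    weak = WhitelistLock([GUEST_BT_ADDR])
    # An address is broadcast in the clear, so an observer holds the same
    # "credential" as the guest.
    results["weak_observed_addr"] = weak.try_open(GUEST_BT_ADDR)

    strong = ChallengeResponseLock(ROOM_KEY)
    captured = app_respond(ROOM_KEY, strong.challenge())
    results["strong_guest"] = strong.try_open(captured)
    strong.challenge()  # a new attempt gets a new nonce
    results["strong_replay"] = strong.try_open(captured)
    results["strong_no_challenge"] = strong.try_open(captured)
    return results
```
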

[+] k-mcgrady|12 years ago|reply
>> This is a complete privacy and security nightmare both from the potential of cracking it and from installing an app that will probably grab every permission it can.

Aren't hotel room locks already easily cracked? I remember seeing it on HN last year. As for permissions - if you don't like them don't install the app, they aren't going to deny you a key.

>> It's also going to be entertaining seeing people with dead batteries begging a charge from people in the lobby.

Presumably in this case they would give you a key.

[+] gmurphy|12 years ago|reply
Smart locks are awesome, I have a z-wave lock in my house, hooked up to a home automation system I wrote so that my front door unlocks whenever I walk up to it. I love that I've reduced the "wallet/phone/keys" patdown to "wallet/phone".

Unfortunately, many of the smart locks that use your phone as an unlock mechanism don't have a good solution for what to do when your phone battery runs out. Usually the answer is "use a key", but the new problem is that once enough of your locks are smart, you stop carrying keys.

In the home, keypads work well (and they can easily be set up for guests, etc), but that seems prone to memory error in hotel situations.

[+] dangrossman|12 years ago|reply
> Unfortunately, many of the smart locks that use your phone as an unlock mechanism don't have a good solution for what to do when your phone battery runs out.

The only z-wave smart locks I've seen carried in national retail stores also have keypads [1,2,3]. Isn't that the solution to the battery problem?

What lock do you use? I could never rely on z-wave to open mine; I only use that to automate locking up the house at night in case I forgot. It can take up to 30 seconds for my lock to respond to a z-wave command if it hasn't already been woken by some other event, which is a long time to stand outside your door waiting for it to open for you.

1: http://www.homedepot.com/p/Schlage-Camelot-Aged-Bronze-Touch...

2: http://www.homedepot.com/p/Schlage-Aged-Bronze-Home-Keypad-D...

3: http://www.lowes.com/pd_497751-350-910+TRL+ZW+15+SMT+CP_0__?...

[+] deserted|12 years ago|reply
Could you elaborate on the unlock process with your z-wave lock?

Are you using openzwave, RaZberry, MiCasaVerde, or something else?

[+] agumonkey|12 years ago|reply
These smart locks are powered? They could fit a USB plug just in case, right?
[+] Piskvorrr|12 years ago|reply
I can imagine that. "App permissions required: EVERYTHING, plus your firstborn." Why is everyone so intent on messing around with my smartphone? Oh wait, my data.
[+] privong|12 years ago|reply
I was able to read the RFID card at an Aloft hotel (they were mentioned in the article) using NFC on my phone. In principle, it should have been possible to clone that room card to my phone so I could have just used my phone, but I didn't pursue that.
[+] onion2k|12 years ago|reply
I always assumed hotel keycards are writable[1], so they just change the code on the card and associate the new one with the room whenever a new guest checks in. Knowing what the code was when you were staying there wouldn't be any help at all in the future.

[1] This sort of thing: http://proto-pic.co.uk/mifare-one-rfid-card-13-56mhz/?gclid=...

[+] veb|12 years ago|reply
I had absolutely no idea my NFC reader on my Nexus could read my credit-card details, or other RFID stuff with NFC enabled -- rather scary!

To anyone who is interested, enable NFC on your 'droid, then on Google Play, download "Card Test" and voila...

[+] walshemj|12 years ago|reply
I can see this (cloning a hotel key) being used in Person of Interest.
[+] fvox13|12 years ago|reply
I smell a DEF CON talk coming...
[+] smackfu|12 years ago|reply
A side effect of this is that your room security is only as good as your SPG account password. Since someone else can just install the app on their phone, log in as you, and unlock your door.
[+] post_break|12 years ago|reply
I just installed a bluetooth deadbolt at my apartment the other day. It's actually pretty nice. And no it's not a Lockitron since apparently they don't know how to ship a product on time.

The app requests the key from a server and if it's correct it allows you to send the commands to the deadbolt. Now it's just time to start fuzzing for those commands. The only problem is that I can manipulate Wi-Fi pretty easily, but have no clue how to put Bluetooth into monitor mode.

[+] xexers|12 years ago|reply
Why can't they just send an old-fashioned text message with a PIN code... then use that PIN code to open the door?

Messing around with Bluetooth sounds complicated.

[+] wikyd|12 years ago|reply
It looks like it uses Bluetooth LE, which is significantly less complicated than pairing with "classic" bluetooth. Once you have downloaded the app, it should just unlock the door based on proximity.

Entering a PIN code would be much less convenient.

[+] smackfu|12 years ago|reply
A PIN code is observable by someone else.
[+] evandena|12 years ago|reply
This seems like a solution looking for a problem. Lost your key? Go to the front desk. Not that big of a deal.
[+] k-mcgrady|12 years ago|reply
If it works I like this idea. At least it'll solve the problem of phones deactivating keycards.
[+] dbot|12 years ago|reply
I always thought you should be able to open the room with the credit card you used to book it.
[+] stonemetal|12 years ago|reply
Sounds a little scary to me. Trying to secure it against skimmers seems like it would be impossible. All you would have to do is rent the room, put out the do not disturb sign, then you would have unfettered, unmonitored access to the lock for as long as you like.