I look forward to reading the breakdown on how bad the security for this system ends up being.
I can see it now - each lock would be connected to the hotel's wpa-wps network (shared with the guests of course) and use a dhcp server without static routes to assign IP addresses. Maybe if we're really lucky they'll be using some consumer-grade cisco switch with last year's firmware update.
Snark aside, they have to be _really_ careful not to fuck this up. There's so many potential attack vectors in this kind of system it's nuts.
My favorite attack on hotel security is much simpler: the front desk will willingly print you a key for any room.
Hold out your keycard and ask for a duplicate. Do they take your card and swipe it? No. They ask for your room number, type it into the magstripe machine, and print you a key for whatever room number you just gave.
No electronics, skill, or even malicious intent necessary (you just "forgot" your actual room number). Look and act like you belong, and make a run-of-the-mill request. Discovered this by accident when I was ~12 and wanted to go to the pool by myself. Never actually tried to get a card for another room, but never had the desk actually verify my rights to the room when requesting an extra keycard either.
I always figured that Hotel locks only need to keep honest people out - it's just got to be hard enough that most people don't mess with it.
Wouldn't it be way easier to sneak in when a maid isn't looking or social engineer the front desk into giving you a key to a room? And once you do, you're on camera anyway.
It's just like most houses.. Sure they have locks, but it's usually trivial to break a back window to get in. It's morals and jail that keep people out... Not the front lock.
I guess the obvious concern is with someone figuring out a way to turn any smartphone into a key to enter any room; I'm guessing it would be easy to do given access to the person's email? Hopefully they make sure that it's done right the first time before any kind of incident.
OR not AND? Man I guess if I have to choose I'll choose to use it as a key, and pick my room via my laptop.
Now if you could use the smartphone to do both, You might be able to choose the room to have keys to, even if that room was not yours.
Ok, more serious. I like the idea of this. I have several AirBnB properties, and this could make my life a lot easier. Though at the same time my Girlfriend always finishes the night with her iPhone completely dead, so it could also make things a lot more complicated.
All in all I like the convenience, and fear the security.
[+] [-] wwwwwwwwww|11 years ago|reply
I can see it now - each lock would be connected to the hotel's wpa-wps network (shared with the guests of course) and use a dhcp server without static routes to assign IP addresses. Maybe if we're really lucky they'll be using some consumer-grade cisco switch with last year's firmware update.
Snark aside, they have to be _really_ careful not to fuck this up. There's so many potential attack vectors in this kind of system it's nuts.
[+] [-] superuser2|11 years ago|reply
Hold out your keycard and ask for a duplicate. Do they take your card and swipe it? No. They ask for your room number, type it into the magstripe machine, and print you a key for whatever room number you just gave.
No electronics, skill, or even malicious intent necessary (you just "forgot" your actual room number). Look and act like you belong, and make a run-of-the-mill request. Discovered this by accident when I was ~12 and wanted to go to the pool by myself. Never actually tried to get a card for another room, but never had the desk actually verify my rights to the room when requesting an extra keycard either.
[+] [-] hobs|11 years ago|reply
[+] [-] schrodinger|11 years ago|reply
Wouldn't it be way easier to sneak in when a maid isn't looking or social engineer the front desk into giving you a key to a room? And once you do, you're on camera anyway.
It's just like most houses.. Sure they have locks, but it's usually trivial to break a back window to get in. It's morals and jail that keep people out... Not the front lock.
[+] [-] zik|11 years ago|reply
http://www.extremetech.com/computing/133448-black-hat-hacker...
[+] [-] crdoconnor|11 years ago|reply
[+] [-] omarali|11 years ago|reply
[+] [-] spindritf|11 years ago|reply
[1] https://addons.mozilla.org/en-US/firefox/addon/refcontrol/
[+] [-] unknown|11 years ago|reply
[deleted]
[+] [-] lihorne|11 years ago|reply
[+] [-] drakaal|11 years ago|reply
Now if you could use the smartphone to do both, You might be able to choose the room to have keys to, even if that room was not yours.
Ok, more serious. I like the idea of this. I have several AirBnB properties, and this could make my life a lot easier. Though at the same time my Girlfriend always finishes the night with her iPhone completely dead, so it could also make things a lot more complicated.
All in all I like the convenience, and fear the security.