[wwwwwwwwww]

I look forward to reading the breakdown on how bad the security for this system ends up being.

I can see it now - each lock would be connected to the hotel's wpa-wps network (shared with the guests of course) and use a dhcp server without static routes to assign IP addresses. Maybe if we're really lucky they'll be using some consumer-grade cisco switch with last year's firmware update.

Snark aside, they have to be _really_ careful not to fuck this up. There's so many potential attack vectors in this kind of system it's nuts.

[superuser2]

My favorite attack on hotel security is much simpler: the front desk will willingly print you a key for any room.

Hold out your keycard and ask for a duplicate. Do they take your card and swipe it? No. They ask for your room number, type it into the magstripe machine, and print you a key for whatever room number you just gave.

No electronics, skill, or even malicious intent necessary (you just "forgot" your actual room number). Look and act like you belong, and make a run-of-the-mill request. Discovered this by accident when I was ~12 and wanted to go to the pool by myself. Never actually tried to get a card for another room, but never had the desk actually verify my rights to the room when requesting an extra keycard either.

[cafard]

Maybe if you're 12. This spring I had to present my ID to get a replacement for a dead key in Philadelphia.

[superuser2]

No it still works. I mostly travel in the Midwest, though, so maybe security standards are just a little lower in Lawrence, KS than the big cities.

[hobs]

Absolutely, though really all it is going to do is make it slightly easier to hack, hotel rooms are already trivial to access most of the time.

[schrodinger]

I always figured that Hotel locks only need to keep honest people out - it's just got to be hard enough that most people don't mess with it.

Wouldn't it be way easier to sneak in when a maid isn't looking or social engineer the front desk into giving you a key to a room? And once you do, you're on camera anyway.

It's just like most houses.. Sure they have locks, but it's usually trivial to break a back window to get in. It's morals and jail that keep people out... Not the front lock.

[zik]

On the plus side it can't be worse than their existing electronic locks which have been horribly compromised:

http://www.extremetech.com/computing/133448-black-hat-hacker...

[crdoconnor]

I imagine they'll use NFC not wifi. I don't think it would be hard at all to make it more secure than existing key cards.

[ben1040]

I stayed at a Hilton property maybe a month or two ago and they already had converted the door locks over to use NFC. The room keys were your typical keycard size, except they had no magstripe and there was an NFC tag embedded within the card.

I assume the next step would be for them to deploy a phone app which emulated the NFC tag.