You can now open hotel rooms with just your smartphone – and bypass check-in, too
Over the next few months, Starwood (which owns those three chains) will upgrade 150 of its hotels to allow keyless, smartphone entry to some 30,000 rooms worldwide. Hilton, which is a much larger hotel chain, plans to roll out a similar system next year. Keyless entry via smartphone is obviously more convenient than using a magnetic swipe card (which is easily lost or demagnetized), and probably a lot more secure, too, considering how easy it was to hack conventional Onity locks. Did I mention that keyless entry also means you can skip the check-in desk and go straight to your room, too?
Keyless hotel room entry works like this. You enroll your phone by installing an app. On the day of your stay at the hotel, a “key” (some kind of encrypted code) is sent to your phone via a push notification, along with a message telling you which room number you’ll be staying in. Then, you just hold your phone near your hotel room door, and voila — it unlocks. In this case, the app is Starwood Preferred Guest (SPG) — a loyalty scheme for its Aloft, Element, and W hotel chains.
Starwood will have to roll out brand new locks that support this new form of keyless entry — but beyond the fact that Bluetooth is used between the phone and lock, we know very few technical details. In an interview with the BBC, the company that made the new locks — HID Global — says it uses its own AES encryption method, with a “rotating key.” This could imply that the locks themselves are not networked — i.e. they’re standalone devices — and that they just rotate through a series of unlock codes.
This is probably safer than the Onity magnetic key card locks — which could be hacked very simply with an Arduino — but if anyone reverse-engineers the encryption algorithm then this new keyless scheme might not be much safer. (And unlocking millions of hotel rooms with a smartphone is an even lower barrier to entry than using an Arduino!) A much better alternative would be connecting each room lock to a central computer — so that a smarter encryption/unlocking method could be used — but I’m guessing the cost of running new cabling/routers for tens of thousands of hotel rooms was prohibitive.
Security concerns aside, keyless entry with a smartphone is so, so superior to magnetic swipe cards. First, it’s much harder to lose a smartphone. Second, your smartphone can’t be demagnetized by other things in your pocket. Third, you can skip check-in completely and go straight to your hotel room — and you can skip the check-out, too. The only problem I can see is if your smartphone runs out of battery — and it also isn’t clear how you would handle multiple people sharing the same room (does everyone get the key sent to their phone?) I assume there is some kind of fall-back solution available in such situations — Bluetooth-enabled cards that can be handed out by the front desk, or something along those lines.
Starting Wednesday, November 5, 10 Starwood hotels will be enabled for keyless entry via the SPG app. The plan is to have 30,000 rooms enabled in 150 Aloft, Element, and W hotels by “early 2015.” Next year, Hilton is expected to begin the roll-out of a similar system, with somewhere in the region of 4,000 hotels — 600,000 rooms — being enabled for keyless entry by the end of 2016.