This is my first experience at a hotel using a mobile phone app as a keycard. It seems to transmit using BLE (Bluetooth Low-Energy).

Great for convenience, but I'm not sure how trustworthy it is, even though the permissions aren't egregious. I'll be disabling or uninstalling it until the next time I stay at one of these properties just to be safe.

@voltronic I’ve been wondering about that option as the resort I’m staying in on Maui uses it. As well, the Safe Hawaii app is required to travel to the islands. Before embarking on the trip, I’ll be required to upload my flight info to the island, my vaccination card and ID for verification. Upon approval a QR code is given & required to show upon landing & forgo current testing procedures & quarantine. All of that makes me a bit nervous. There are currently no exceptions unless restrictions are lifted.

@CherNohio
Well it doesn't sound as though you have a choice. It's not like they are storing all those docs in the app. You just have to hope their database is well protected.

None of these things are probably as invasive as what the big social media companies do.

@voltronic @CherNohio
Can't a third party detect the transmitted code and reproduce it later to get into your room?

@EileenKCarpenter @voltronic @CherNohio It's possible that the code changes so that the same signal is not repeated. Similar to other 2FA rolling codes.

@JGNWYRK @EileenKCarpenter @voltronic @CherNohio

It's not going to be a static code, it's going to be time-stamped, at a minimum.

On top of that, the encryption key is almost certainly negotiated on the fly.

@mcfate
Well the thing is, the same locks and elevator readers work with the phone app or a key card from the main desk. You have an option to use either one. I went with the phone option because the app let me check in beforehand.

So everything you said makes sense, but I'm not sure the codes rotate if you can have your phone and a keycard, and can access your room with either one.

@JGNWYRK @EileenKCarpenter @CherNohio

@voltronic @JGNWYRK @EileenKCarpenter @CherNohio

You're assuming a single code path behind whatever's communicating with the card on the one hand (via a mechanical interface) or the app (via BLE, or NFC, or something), and I'm definitely not assuming that.

I mean, it COULD be a really crappily-thought-out system, but I wouldn't want to take that as a given.

@mcfate
The key card isn't mechanical. It operates the same way, with BLE or NFC as you say. Maybe an RFID tag. The app only requires BT.

@JGNWYRK @EileenKCarpenter @CherNohio

@mcfate
It asks you to verify some personal info, and then it pulls the info from your reservation. The app has a few different sections, one of which is to bring up your "digital key".

I just found the system this uses:

assaabloyglobalsolutions.com/e

@JGNWYRK @EileenKCarpenter @CherNohio

@mcfate
That's not what this page says. The key is on your phone, in an 'encrypted vault'.

In any case, the key isn't decrypted until after the lock receives it. So, this system seems much more resilient than your typical HID cards. You can clone those from a few feet away, yet companies still use them.

@JGNWYRK @EileenKCarpenter @CherNohio
