Key Takeaway
As hotels seek to introduce guest room access via keys sent to mobile devices, there are substantive security issues, beyond digital, that will need proactive management if hotels want to continue to do their best to protect their guests from a range of criminal threats.

The Problem With Mobile Guest Room Keys

Hotel companies are forever seeking new ideas to improve their guest experience. Even better is when the idea also reduces operational costs. One such idea has been floating around for several years and its wide deployment is imminent. The idea is generically known as ‘Mobile Key’ or ‘Mobikey’. The concept is simple: guests make a reservation online; their room ‘key’ is sent to them online, allowing the guest to enter the hotel and go directly to their room; the guest opens the door using their mobile phone without interacting with hotel staff. The momentum for ‘mobikey’ is increasing because it offers a solution for the COVID situation that demands social distancing, so what is not to like?

Will Mobikey Force Us to Fight on a New Front?

Security considerations of ‘mobikey’ have almost entirely been focused on data security: ‘key issuing’ protocols, key transmission security, ‘key’ security whilst stored on mobile devices, ‘key’ lock interface security et al. This said, in my experience data security aspects have been primarily focused on traditional system security as perceived by IT Security experts in the here and now. I have not seen much evidence of future-framing the threat going forward, for we can be sure that criminals will target ‘mobikey’ and, as with other data systems, will be at least half a step ahead of any security protocols. Criminals will seek attack surfaces for digital exploitation and, of course, physical workarounds exploiting the ‘human’ factor. ‘Mobikey’ will open a new ‘front’ in the hotel/criminal data security arms race, stretching already limited cyber defence resources.

If not criminals, without a doubt state actors, using all the resources of a national agency, will in time be able to breach ‘mobikey’ systems for state security and intelligence purposes. 

As in other areas, it is almost certain that over time such state-sponsored methodologies will trickle down into serious and organised crime and subsequently downwards.

Does Mobikey Combine Cyber and Physical Threat?

Unlike other hotel-related data systems, the breach of ‘Mobikey’ systems potentially poses an immediate physical threat to guests. The compromise of ‘key’ data will likely enable unauthorised access to guest rooms, posing a physical threat to guests and their possessions. If threat actors build a ‘mobi-master key’, guest room attacks could be industrialised and mass attacks mounted. Is this a possibility? It would be a brave person to claim that it could not.

The deployment of ‘mobikey’ has significant implications beyond the cyber world. The ability for people to access guest rooms without interacting with hotel staff effectively undermines the hotel’s ability to implement spatial control. Criminals and those with ill intent do not like to be noticed, and like being engaged even less.

Criminology studies support the view that human interaction is a strong deterrent for most criminals, who do not want to be remembered.

It is for this reason that reception staff play an important role in hotel security; additionally, using their experience and intuition, they can detect suspicious individuals and suspicious activities, and check documentation.

What’s the Cost of Free Movement in a Hotel?

Free movement to guest rooms without the need to physically check-in may undermine a hotel’s capability to combat crimes such as:

  • Child sexual exploitation
  • Prostitution
  • Drug dealing
  • Drug production
  • Terrorism
  • Criminal planning and operational support
  • Reservation and loyalty program fraud

Furthermore, how will hotels ensure that they are not selling rooms to minors or confirm the identity of guests using the rooms? The mobile device becomes the key and can simply be passed between individuals – so the room could be booked by Mr Smith but occupied by Mr Jones, for instance. The inability to check the identity of guests will inevitably conflict with local lodging codes, ‘innkeepers’ regulations and, in some cases, national counter-terrorism laws. 

In addition to the expense and operational disruption of converting to ‘mobikey’, the system introduces a fail point that could cause severe business interruption. I heard that whilst trialling a ‘mobikey’ type system, a well-known branded hotel suffered a major outage that prevented guests from accessing their rooms. Inevitably, the failure occurred during the late evening, impacting guests returning from nights out; the effective response was hampered by the late hour and the lockout lasted for hours. From this, ‘mobikey’ type systems could be a prime target of a ransomware attack, perhaps for extortion or business sabotage.

I am not proposing that ‘mobikey’ systems should be abandoned; progress is a good thing. I am, however, lobbying for an ‘eyes wide open’ approach and I encourage hotel operators not to be blind to the potential downsides. Hopefully, they will recognise the need for proactive and ongoing risk management that considers both physical and digital threats.

Questions for Consideration:

  1. Do you understand the potential threats and vulnerabilities that mobilekey systems introduce to your hotels?
  2. Do you know how to identify and manage these threats?
  3. Do you have a response plan should your mobilekey system be compromised?

For many of today’s hoteliers, the growth of technology and the merging of cybersecurity and physical security can be hard to keep up with. NorthPoint International’s expertise includes cybercrime, physical security, hotel security and resilience as well as hotel operations. Contact us to learn more about reducing the threats, risks and vulnerabilities of new technologies.