Advances in technology have greatly improved the guest experience, but they have also created new security threats the hotel industry previously hasn’t considered. That’s why it’s important to adopt new technology with a careful and though-out approach.
Guestroom locks at as many as 140,000 hotels around the world are vulnerable to a hack that would allow someone to spoof a master key code and gain access to any of the rooms, according to a recent article in Wired.
Now, this hack only applies to a certain brand of lock, and even then, it’s a previous generation of lock. The company that produces the lock created software to fix the vulnerability, but the fix must be installed manually on each lock, one by one. That leaves the possibility of an untold number of guestrooms that are not secure.
I don’t know about you, but if I were an owner or operator, I’d be double-checking to make sure my guestroom locks were of a different brand or that they had received the software update.
It seems never-ending sometimes. Physical locks and keys can’t be hacked, but someone could duplicate the physical key. Moving to electronic locks with key cards or passcodes was supposed to be safer, preventing the physical recreation of a key. Those, of course, can be hacked. As an added complication, while a copy of a physical key would only work for one lock or type of lock, spoofing a master key code can make any lock with the vulnerability (likely every lock in the hotel) a liability.
And so a solution comes about to fix the problem. It could be a software patch or a new product model with better software. Then someone else finds a vulnerability with that and exploits it. This pattern will continue ad infinitum.
It’s not just locks, though. So many parts of the hotel experience are moving beyond a physical process into a digital one, from guestroom locks (with mobile key access) to thermostats to smart speakers to God knows what else. We’re finding ways to connect almost anything to the internet of things, but by making everything smart, I wonder if we’re being dumb.
The hotel industry has been trying to play catch-up in terms of implementing new technology. We’ve heard at multiple conferences and interviews that the hotel industry has fallen behind other industries in its adoption rate. That’s not necessarily a bad thing, though. It gives time for hoteliers to see how new technology can be used and allows for the development of best practices.
If the industry moves too fast trying to keep up with the Joneses, it’s liable to rush through its due diligence in reviewing what the new technology can do, what it can’t do, where it’s vulnerable and why and how that could open up bigger problems. I refer you to the words of the great Ian Malcolm, who questioned whether it was such a good idea to bring dinosaurs back to life.
It doesn’t matter how big or small something is; unless something is properly and thoroughly vetted for use in a hotel, it’s a liability. Case in point: Hackers gained access to a casino’s “high-roller” database through a thermometer in the lobby’s aquarium. I doubt the person who bought the thermometer for the aquarium gave the device’s security a second thought and was mainly pleased with the convenience of having a thermometer that was part of the IoT and would make monitoring the temperature easier. That’s not to cast blame, because after all, who honestly would ever have expected a thermometer could be the entry point for hackers?
The answer, at least now, is we all should. Regardless of your position in the hotel industry, IT or front desk or human resources or whatever, any new device adopted by the hotel industry needs to be fully vetted—as should any vendor trying to sell it. I’ve heard over and over again that for the hotel industry, it’s not a matter of if you get hacked but when. While that’s mostly been applied to things like POS systems, introducing smart technology that connects everything to the IoT only provides more avenues for hackers to exploit. Though the industry can’t stop every attack, it can at least do more to make it more difficult.
What do you think about the ever expanding IoT as part of the guest experience? Are you a fan of the convenience it affords guests? Do you worry about how secure it really is? Let me know. Leave a comment below or reach out to me at email@example.com or @HNN_Bryan.
The opinions expressed in this blog do not necessarily reflect the opinions of Hotel News Now or its parent company, STR and its affiliated companies. Bloggers published on this site are given the freedom to express views that may be controversial, but our goal is to provoke thought and constructive discussion within our reader community. Please feel free to comment or contact an editor with any questions or concerns.