If you have an Apple or Android smartphone and stay at one of 11 brands of hotels in Hilton’s portfolio, then your smartphone will soon double as your hotel room key. Imagine using a smartphone as a room key for more than 650,000 hotel rooms, at over 4,000 hotels in 80 different countries…what could possibly go wrong?

Hilton Worldwide has upgraded its technology to the tune of $550 million and announced that by the end of 2014 guests will be able to use their phone to select their exact room from digital floor plans “for over 650,000 rooms at more than 4,000 hotels across Hilton’s portfolio of 11 brands.” Guests can also “customize their stay by purchasing upgrades and making special requests for items to be delivered to their room, on their mobile devices, tablets and computers.”

The ability to bypass the front desk and use a smartphone as a room key will roll out in 2015; “all U.S. hotels across four of its brands will have this capability by the end of that year. By the end of 2016, the majority of its rooms system-wide will be equipped with this functionality.”

Is it secure or will this feature become the next hotel hacking case? Would it stand up to the likes of Jesus Molina, who will present Learn How to Control Every Room at a Luxury Hotel Remotely at Black Hat? Molina exploited vulnerabilities in the KNX communications protocol that St. Regis ShenZhen hotel in China used so guests can control the features in their room with the supplied iPad and digital butler application.

“Using protocols like KNX for home automation makes no sense for wireless,” Molina told Wired. “This guerrilla war we’re playing with the Internet of Things can get dangerous. This is not something I say lightly.” He claimed that an arbitrary attacker could control virtually every appliance in the hotel remotely.
“The KNX/IP protocol provides no security, so any hotel or public space that have deployed it on an insecure network will make it easy to exploit.”

A spokesman for the KNX Association said “the most recent version of the standard did feature authentication and encryption and that it was ‘essential that separate Wi-Fi networks are used’ for the purposes of guest internet access and automation.”

St. Regis Shenzhen said Molina’s claim that he took control of the automation system was “unsubstantiated,” but it had “temporarily suspended the control system of the in-room iPad remote controls for system upgrading.” Since this allegedly includes taking down the whole system and rewiring everything for every hotel room, the ability to exploit the fatal flaws hardly seems “unsubstantiated.”

The Starwood chain, which owns St. Regis, as well as the Marriott and InterContinental Hotel groups, are in a mobile services race along with Hilton. The Wall Street Journal reported that Starwood is already testing mobile phone room keys; Marriott allows guests to use mobile check-in and check-out, and InterContinental sends out push notifications to guests, such as two-for-one drink specials at the bar.

Hilton launched Conrad Concierge in 2012, allowing guests to use the hospitality software app to check in through their mobile device. “Going forward, Hilton anticipates delivering further digital advancements to guests every six to eight weeks.”

Regarding room selection, Hilton said that by the end of summer, Hilton HHonors members can check in and choose their room “via the Apple and Android HHonors apps across the following U.S. brands: Waldorf Astoria Hotels & Resorts, Conrad Hotels & Resorts, Hilton Hotels & Resorts, Hilton Garden Inn, Homewood Suites and Home2 Suites.”

At 6 a.m.
the day before a booked stay, Hilton HHonors members can sign into their account via their mobile device, tablet or computer to check in and choose their preferred room through floor plan maps or lists populated from the hotel’s available inventory. Photos of rooms are also available to help with their selection. Hilton’s digital lobby function is updated in real time, so guests no longer have to wait until they are physically in the hotel lobby to be assigned a room.

Next year, Hilton guests can skip the lines at the front desk and use their smartphones to unlock the doors to their rooms. If Hilton currently uses NFC for the door locks, with an NFC tag embedded in the keycards that can unlock the door, then it might be reasonable to assume the hotel’s app would tap into NFC-enabled phone capabilities. It remains to be seen if some curious hacker will find a way to exploit potential flaws in these new features.

It was two years ago that we learned 4 million hotel rooms were insecure due to Onity programmable keycard locks. With under $50 in off-the-shelf hardware, Cody Brocious opened an Onity lock in only 200 milliseconds. Inspired by Brocious, hackers then cut costs to about $30 and created a pen-sized device that looked like a dry erase marker. When the “James Bond” pen was pushed into a DC port on the underside of a hotel keycard lock, it instantly popped the lock open.

Time and technology marched on, creating new ways to hack hotel features, as will be highlighted by Molina next week at Black Hat. Let’s hope that Hilton’s implementation will be secure, or hacking it to open other guests’ doors might end up as a presentation at Black Hat 2015.