Ocean Medallion - a BIG Question


Corfe Mixture

Sounds brilliant, but there is one very big question, which, to be honest, Princess may have addressed, and that question is:

 

Will we be able to access the management page and change the management password to a unique password only we know?

 

If not, then I'm going nowhere near it particularly if it interfaces to Princess@sea.

 

If it is possible, the first thing I will do is to change the management password.

 

The reason I will take that stance is that the most common entry route for malware and in particular ransomware is through devices which we authorise to connect to our phones and home network, but which have a pre-set, unchangeable, common management password.

 

Typical examples of this in the wild are domestic premises surveillance systems which we can access from our PC or phone and automatic gate entry systems, many of which are bought off the shelf and have pre-programmed, non-changeable management passwords that the average user doesn't normally even know exist.

 

What happens is that once the hacker learns the common password he can get into the management page of the device, after which it is a simple next step to load malicious software onto the device from where it is transferred to your phone / PC.

 

Once the hacker is into the device (in this case the Medallion), except in the case of operating systems which only allow executable code to be loaded from pre-tested locations (e.g. the Apple store), no virus protection system can prevent the malicious software from being passed on to the phone / PC, as the device is correctly signed on / paired with your phone or PC network as a trusted device.

 

What this means is that if you can't change the password of the Medallion to something only you know, or Princess have given each Medallion a unique and robust password, then a hacker can quite easily break into a Medallion. All he needs to know is the management password and if all Medallions have the same management password that may take a while, but it is not a difficult task.

 

Perhaps if Princess read this thread they might like to offer some information in the Medallion promotional material explaining how users can block out third party access to the Medallion's management page.

 

Don't misunderstand me, as a free-standing system for opening doors etc. it is fine but, unless every device has a unique management password for accessing the management page, beyond that it is IMHO a ticking time bomb.

Edited by Corfe Mixture
Link to comment
Share on other sites

I think you are assuming capabilities in the medallion far beyond what I am assuming. I doubt it has any capability to be programmed. I expect it is a passive device with a fixed serial number that replies with that fixed serial number when interrogated, much like the access cards that many people use at work to open doors. I expect a fixed serial number is built into it when manufactured and that is it. There will be nothing to manage on the device and no capability to manage it, therefore no device management password to be compromised.

Link to comment
Share on other sites

This is a pretty reasonable post describing the medallion as Bluetooth LE.

 

http://boards.cruisecritic.com/showpost.php?p=51934807&postcount=427

 

The same poster made an excellent post in the Facebook thread, but the thread has been deleted.

 

I think Mr. Mixture has made some analogies that are not correct.

Link to comment
Share on other sites

I agree with others here. No password. No management capabilities. All personal info is stored on the servers. The sensors query the medallion, see the unique identifier, and then relate that identifier to a specific user. Nothing to hack. Nothing to compromise. The medallion isn't something to worry about.

  • Like 1
Link to comment
Share on other sites

Sure hope you guys are right.

 

As I said myself, if all it does is open doors / identify you to the system, then fine, no problem, no risk.

 

BUT it was the phrase

 

"Powers an array of interactive gaming and immersive entertainment experiences"

 

which rattled my cage.

Link to comment
Share on other sites

I have been back and had another look at the flyer to try to identify whether there was anything else that rattled my cage.

 

and I came across

 

"by using the Ocean Compass, you can order select food and drinks from a lounge chair"

 

Don't see how I can make specific orders from something which operates on serial number identification and is not interactive and therein lies the potential for vulnerability.

 

Consider this true story.

 

I am a member of a club where the membership card is used to charge my bar account and my restaurant account. It is a dumb card and doesn't carry any credit. That is all on the server.

 

The card also operates the gate entry system to the car park.

 

The club servers are well protected and we have anti-hacking insurance.

 

The car park gate system is effectively a device on the system and the software of the gate system is maintained via the internet by the supplier.

 

Someone hacked the management system of the gate entry system and dropped ransomware on the club's servers.

 

We were lucky, we were insured, it happened at night after a backup of the accounts, but we had three days of writing everything by hand whilst the break-in point was identified and blocked off, before the system could be safely restored.

 

The problem was that, although the membership card was a serial number only and not interactive, there was an interactive connection between the gate entry system and the main system in that it accessed the membership register which was integrated with the accounts system before opening the gate.

 

OK, the device opening the gate was not interactive and could not itself be corrupted, so even if we had a Bluetooth connection from the phone to identify ourselves there would not have been a problem, which is the point you all correctly make.

BUT

Supposing our system had included a facility to select and order my drinks from my phone as I passed through the car park entry system, then that would have needed an interactive connection from my phone which would have resulted in my phone becoming just as vulnerable as our server.

 

So what is really concerning me is when I read that:

 

"by using the Ocean Compass, you can order select food and drinks from a lounge chair"

 

I don't see how I can select my drink from something which does nothing more than use a unique serial number to identify me.

 

The medallion does not have a screen or keyboard. So, if I am going to be able to operate interactively and specify drinks etc, it will need to operate as a router to which I connect my own interactive device and that router function will require a management page even if I can't see it.

 

This interactive operation cannot be achieved via the medallion if it is a simple device which uses a unique serial number to do nothing more than identify itself to the system.

 

So, to summarize, it is the interactive aspect which has rattled my cage.

I stress I'm not saying it can't be made secure, but they are going into very dangerous territory and I for one would like some reassurance.

Edited by Corfe Mixture
Link to comment
Share on other sites
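
The two risks raised in the posts above (devices sharing a pre-set, unchangeable management password, and a supplier-maintained gate controller that can reach the accounts server) can be checked for in a device inventory. This is an added example, not part of the original posts; the inventory records, field names, audit key and default-password list are all constructed for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

AUDIT_KEY = b"constructed-audit-key"             # assumption: secret chosen per audit
KNOWN_DEFAULTS = ["admin", "12345", "password"]  # constructed sample list
SENSITIVE = {"accounts-server", "home-pc", "phone"}  # assets a device could pivot to


def fingerprint(password):
    """Keyed hash: equal passwords can be matched without storing clear text."""
    return hmac.new(AUDIT_KEY, password.encode(), hashlib.sha256).hexdigest()


DEFAULT_FPS = {fingerprint(p) for p in KNOWN_DEFAULTS}

# Constructed inventory. mgmt_fp is None for a passive, ID-only device that
# has no management interface at all (the case the replies describe).
INVENTORY = [
    {"device": "gate-controller", "mgmt_fp": fingerprint("admin"),
     "changeable": False, "reaches": {"accounts-server"}},
    {"device": "cctv-recorder", "mgmt_fp": fingerprint("admin"),
     "changeable": False, "reaches": {"home-pc"}},
    {"device": "wifi-router", "mgmt_fp": fingerprint("k9!Unique-per-unit"),
     "changeable": True, "reaches": {"home-pc", "phone"}},
    {"device": "id-tag", "mgmt_fp": None,
     "changeable": False, "reaches": set()},
]


def audit(inventory):
    """Return {device: sorted issue names}; an empty list means no finding."""
    # Group devices by credential fingerprint to spot shared passwords.
    by_fp = defaultdict(list)
    for dev in inventory:
        if dev["mgmt_fp"] is not None:
            by_fp[dev["mgmt_fp"]].append(dev["device"])

    report = {}
    for dev in inventory:
        issues = set()
        fp = dev["mgmt_fp"]
        if fp is not None:  # nothing to manage means nothing to flag
            if fp in DEFAULT_FPS:
                issues.add("factory-default password")
            if len(by_fp[fp]) > 1:
                issues.add("password shared with other devices")
            if not dev["changeable"]:
                issues.add("password cannot be changed")
            # A weak login matters most when the device can reach something valuable.
            if issues and dev["reaches"] & SENSITIVE:
                issues.add("weak management login on a path to sensitive systems")
        report[dev["device"]] = sorted(issues)
    return report


if __name__ == "__main__":
    for name, issues in audit(INVENTORY).items():
        print(name, "->", issues or "no findings")
```
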

You'll need a smart device to run the Ocean Compass app to make an order. The system will then direct the server to your medallion to deliver the order.

Link to comment
Share on other sites

  • 2 years later...
35 minutes ago, Happy2cruise said:

What happens if someone doesn't have a smart phone?

 

Just use the medallion as if it is a cruise card.  You don't get the fancy features of the smartphone app (ordering drinks, playing games, locating spouses, etc.) but you never had those before with a cruise card anyway.

Link to comment
Share on other sites

Just off the Caribbean Princess.  Did a 14-day cruise to the Caribbean.  We got the medallions when we checked in at the pier.  We only have a flip phone between myself and my DH.  So could not do the app.  Once we got on board, we went to Guest Services to get regular cruise cards.  No problem.  I just kept the medallions just in case.  Did NOT use the medallions at all.  We were able just to open the cabin with the card.  Door did open automatically (yes, without the medallion).  Also worked in the casino.  Just put your card at the medallion that was pictured on the slot machine.

 

Now for the serious part.  My DH has a cochlear implant in his head.  We did get a small booklet for what the medallion was "good" for.  As an afterthought, Princess had a small sheet with the booklet. It stated in very small, minute printing:

 

CAUTION:  Product contains  magnets which could be harmful to pacemaker users and others with medical implants.  The Ocean Medallion should be kept at least 6" away from pacemakers and other sensitive medical equipment. 

 

You can't believe how many people did not see or read this information. Most wore the medallion around their necks.  Our cruise had mostly seniors and I wonder how many had pacemakers or other implants.

 

Princess should have invested this money on upgrading their food in the MDR and buffet.  Needless to say, we were not too impressed with the food or this medallion "thing."

  • Like 1
Link to comment
Share on other sites

7 minutes ago, CarolRoy said:

Just off the Caribbean Princess.  Did a 14-day cruise to the Caribbean.  We got the medallions when we checked in at the pier.  We only have a flip phone between myself and my DH.  So could not do the app.  Once we got on board, we went to Guest Services to get regular cruise cards.  No problem.  I just kept the medallions just in case.  Did NOT use the medallions at all.  We were able just to open the cabin with the card.  Door did open automatically (yes, without the medallion).  Also worked in the casino.  Just put your card at the medallion that was pictured on the slot machine.

 

Now for the serious part.  My DH has a cochlear implant in his head.  We did get a small booklet for what the medallion was "good" for.  As an afterthought, Princess had a small sheet with the booklet. It stated in very small, minute printing:

 

CAUTION:  Product contains  magnets which could be harmful to pacemaker users and others with medical implants.  The Ocean Medallion should be kept at least 6" away from pacemakers and other sensitive medical equipment. 

 

You can't believe how many people did not see or read this information. Most wore the medallion around their necks.  Our cruise had mostly seniors and I wonder how many had pacemakers or other implants.

 

Princess should have invested this money on upgrading their food in the MDR and buffet.  Needless to say, we were not too impressed with the food or this medallion "thing."

As soon as I took them from the package they immediately stuck together so I knew they had magnets in them. Still wonder why?

Link to comment
Share on other sites

11 minutes ago, CarolRoy said:

Princess should have invested this money on upgrading their food in the MDR and buffet.  Needless to say, we were not too impressed with the food or this medallion "thing."

I don't know how you could have been impressed since you didn't use the medallion.  

  • Haha 1
Link to comment
Share on other sites

On 1/10/2017 at 2:23 AM, Corfe Mixture said:

I have been back and had another look at the flyer to try to identify whether there was anything else that rattled my cage.

 

and I came across

 

"by using the Ocean Compass, you can order select food and drinks from a lounge chair"

 

Don't see how I can make specific orders from something which operates on serial number identification and is not interactive and therein lies the potential for vulnerability.

 

Consider this true story.

 

I am a member of a club where the membership card is used to charge my bar account and my restaurant account. It is a dumb card and doesn't carry any credit. That is all on the server.

 

The card also operates the gate entry system to the car park.

 

The club servers are well protected and we have anti-hacking insurance.

 

The car park gate system is effectively a device on the system and the software of the gate system is maintained via the internet by the supplier.

 

Someone hacked the management system of the gate entry system and dropped ransomware on the club's servers.

 

We were lucky, we were insured, it happened at night after a backup of the accounts, but we had three days of writing everything by hand whilst the break-in point was identified and blocked off, before the system could be safely restored.

 

The problem was that, although the membership card was a serial number only and not interactive, there was an interactive connection between the gate entry system and the main system in that it accessed the membership register which was integrated with the accounts system before opening the gate.

 

OK, the device opening the gate was not interactive and could not itself be corrupted, so even if we had a Bluetooth connection from the phone to identify ourselves there would not have been a problem, which is the point you all correctly make.

BUT

Supposing our system had included a facility to select and order my drinks from my phone as I passed through the car park entry system, then that would have needed an interactive connection from my phone which would have resulted in my phone becoming just as vulnerable as our server.

 

So what is really concerning me is when I read that:

 

"by using the Ocean Compass, you can order select food and drinks from a lounge chair"

 

I don't see how I can select my drink from something which does nothing more than use a unique serial number to identify me.

 

The medallion does not have a screen or keyboard. So, if I am going to be able to operate interactively and specify drinks etc, it will need to operate as a router to which I connect my own interactive device and that router function will require a management page even if I can't see it.

 

This interactive operation cannot be achieved via the medallion if it is a simple device which uses a unique serial number to do nothing more than identify itself to the system.

 

So, to summarize, it is the interactive aspect which has rattled my cage.

I stress I'm not saying it can't be made secure, but they are going into very dangerous territory and I for one would like some reassurance.

I have not cruised with Princess yet, but it is my understanding that the interactive features are using your smart phone that is connected to the ship's intranet and not the medallion. When you place the order for a drink the system will locate the medallion and send the drink. So in this way it is a read-only device and does not have a program to run.

Link to comment
Share on other sites

I think you are confusing technologies here. It’s my understanding the Medallion is just an RFID type device (it may be based on some other standard but the principles should be the same). Essentially it’s a dumb beacon that is associated to your account in order to link to you. Essentially no different than your room keys. It’s how it knows to unlock your room or charge your account and not someone else on board. 
 

Really the only major difference is that the Medallion is designed to track your location. You can debate whether that’s a good idea or not in another thread but they have sensors that triangulate the position of the Medallion to a general location and then use the photo you upload to the app to find you to deliver your drink. 
 

At the end of the day it’s no more or less secure than the old room cards. The caveat to that is if someone maliciously accessed the system they would have access to your location information where with the old key card they wouldn’t because they don’t work with the location tracking feature. 
 

Just my thoughts based on what I know of the technology. IMO people get way too bent out of shape on this. Does it really matter that the cruiseline knows you spend 8 hours a day in your cabin or in a particular lounge? If this brings me better service I’m all for it but YMMV. 

  • Like 1
Link to comment
Share on other sites

Medallions contain a BLE (Bluetooth Low Energy) radio and a very short-ranged RFID tag, both of which transmit just a built-in  ID number.  One is picked up by receivers around the ship to figure out where the Medallion (and you) are.  The other is picked up by a point-of-sale sensor you place the Medallion next to so the ship can figure out who to bill for a sale. 

 

 

Link to comment
Share on other sites

5 hours ago, RocketMan275 said:

I don't know how you could have been impressed since you didn't use the medallion.  

Why use a medallion when a cruise card opens the door and gets you off and on the ship?  Princess could have used this money better IMO than on the medallion.  And again, if you have a medical device implanted in your body (in very small print), Princess says to use CAUTION.

Link to comment
Share on other sites

4 hours ago, Haboob said:

Medallions contain a BLE (Bluetooth Low Energy) radio and a very short-ranged RFID tag, both of which transmit just a built-in  ID number.  One is picked up by receivers around the ship to figure out where the Medallion (and you) are.  The other is picked up by a point-of-sale sensor you place the Medallion next to so the ship can figure out who to bill for a sale. 

 

 

Great but again. Why are they magnets?

Link to comment
Share on other sites

24 minutes ago, twodaywonder said:

Great but again. Why are they magnets?

Initially, Medallions did not have magnets and kept falling out of the wristband holders.  Now the wristbands have a ring of metal inside and Medallions have magnets to keep them from falling out.

Link to comment
Share on other sites

23 minutes ago, Haboob said:

Initially, Medallions did not have magnets and kept falling out of the wristband holders.  Now the wristbands have a ring of metal inside and Medallions have magnets to keep them from falling out.

I will take your word on that. Personally those do not have enough strength to do that job. One bump and out they go. I think they snap in and out.

Link to comment
Share on other sites

9 hours ago, CarolRoy said:

 

 

Now for the serious part.  My DH has a cochlear implant in his head.  We did get a small booklet for what the medallion was "good" for.  As an afterthought, Princess had a small sheet with the booklet. It stated in very small, minute printing:

 

CAUTION:  Product contains  magnets which could be harmful to pacemaker users and others with medical implants.  The Ocean Medallion should be kept at least 6" away from pacemakers and other sensitive medical equipment. 

 

You can't believe how many people did not see or read this information. Most wore the medallion around their necks.  Our cruise had mostly seniors and I wonder how many had pacemakers or other implants.

 

Princess should have invested this money on upgrading their food in the MDR and buffet.  Needless to say, we were not too impressed with the food or this medallion "thing."

 

 

Poor planning on so many levels with this current Princess management group. Cut the food budget and waste $$ on this tech nonsense which has the potential to open up litigation and PR problems in the future!!

Edited by cheezenip
Link to comment
Share on other sites

4 hours ago, CarolRoy said:

Why use a medallion when a cruise card opens the door and gets you off and on the ship. 

 

Neither the Medallion nor a cruise card opens any door. They unlock the door. You physically then open it.

 

The difference is that the Medallion is supposed to unlock the door as you approach it with no need for any action on your part. If using a cruise card on a Medallion cruise, you must physically place it at a designated spot to unlock the door.

Link to comment
Share on other sites
