Nortek Blue Pass Mobile Access Reader Tested

By: Brian Rhodes, Published on Jul 11, 2019

Nortek claims BluePass mobile readers are a 'more secure and easy to use approach to access', but our testing uncovered security problems and usability issues compared to other mobile readers.

free image1 2 - Nortek BluePass Mobile Reader Tested

Inside, we examine:

  • The biggest strengths and problems with BluePass
  • Testing Nortek's mobile app performance with both Android and iPhone
  • The prices we paid for BluePass credentials and mobile reader
  • Overview explaining BluePass' configuration to IPVM's test access system
  • A mysterious, and unused, extra pigtail connector
  • An explanation of Nortek OEM ProDataKey's mobile reader
  • The platform's strengths & weaknesses compared to others

Upcoming Mobile Shootout

Later this summer, IPVM will publish a shootout of mobile credential platforms including BluePass and a number of other tested products:

Key ********

********* *****************:

  • ******* : ******* ***** * 'mobile' *******, *** **** shows ***** ****** ** farther **** ~* **** away **** *** ****** or **** *********** ****** be '****'.
  • *** ***, ******* ****: *** ** ********' biggest ****** ** ******* 'high ********' **.** *** formats ** **** ** supported, *********** ********* *** device **** ***** **** in **** ******* *** not ******* *************.
  • ** *** ********: ******'* ********** *** does *** ******* ****** unlock *******, ******* ***** cannot ******** ***** ******* access **** ******.
  • *** ****** ********: ******** ** *** integrated **** **** ****** platforms, ********* *** ******** and ********** ** * redundant ****** ****** ****** in ******'* ******.

******** *** ********* *******:

  • ** ****** ************:** **** **** *** attempts, ** ****** **** failed ** **** ** either *** *** ** Android **** ******.
  • ****** '*****' *******:**** ********, ***** *** have ***** ***** ** their ****** ** *****, and ****** ********** *** reader ******** *** ******** of ***** ** *****. Not *** ****** ******* include **** *******, ***** is ****** **** ********** phones **** ******* ****** happen.
  • ******* *****:****** **** '****** *****' readers, ******** *** * sealed ********* *** ** IP65 *****. ** ****** unit *********** ******* ** direct **** *** ****, and *** ****** ********* as *******.

BluePass ****** ******

******'* **** ******-***** ****** is ***~$*** ********, ********* ** *** mullion ****** **** *** furnished **** * ****-*****/****** gang *** ******* *****.

**** ************ ****** *******, BluePass ** ******* *** the ********** **** ** door *********** *** **** standard ****** ******. *** reader ** ******** ** a **** ***** ******* housing **** *** **** status ********* **** ******* green ** ***** *****:

*******, *** ******* ******** dirt, *****, *** ************ in ****** *** *** looks ***** ***** ***** service ****. ****** *** excessive ******* ** *** test **** *****:

***** ****** ********** ******** cleaning ******** *******, * step *** ****** **** most ***** ******* **** typically **** * *****/*** glossy *******.

Short ****** *****

*** ****** '******' ***** of ****** ** ******'* reader *** ******** ** be *** ****** **** other ****** *******.

*** ***** ********* ** BluePass *** ******* '*******' or *** ***** ** to * ******* ******** of ** ******. *** sensitivity ** *** ******'* BLE ***** ** ******* one ******* ***** ******, with ** ******** ****** listed *** '*******' *** 'Closer' ********:

***** **** **** ** be ** **** ***** proximity ** *** ****** to ****** *******, **** when ***** ** *** to *** ******* '*******' setting. ****** ***** *** close ***** ** * security *******, **** *********** **** ***************:

** *** ******’* ********* reception ******** ** *** too ****, ** *** inadvertently **** **** ** employee’s ****** ****** *** allow ************ ***** **** the ******** ****** ********* a **** ****, ** touching, *** ******.

** ***** ** ****** tech ******* *** ******** the ***** **** ***** is ****** *** ******* of *** ******.

********' ******* ***** ** shorter *** **** ************ than ***** ****** ******* IPVM *** ******, ********* HID, ********* ****, ********, and *****.

*** ***** ***** ********** will ******* ******** **** being ****** ** ************ requiring ****** **** ****** like ******* ****** *****, many **********, *** *** be * ********* ********** for *** *************.

125 *** ****

******* ********** ** *** reader ** **** ** only '*****' ****** *** kHz ** *** ***********. No **.** *** ********** formats ** *** **** are *********.

******* *** ******* *** insecure *** *******, *** *** ** BluePass **** ********** ***** types, *** ****** ** commonly ******** **** '**** security' ****** **************.

**** **** ***********, ** the *** *** ***** cannot ** ********, **** if ***** **** ** exclusively *** *** *** credentials.

****** ***** ** **** if/when **.** *** ******* is ******** *** ********, users **** **** ** replace ******* ******* *** upgrades **** *** ** possible **** ******** ******.

No *** ********

** ******** ** *** required ***** *****, *** smartphone *** *** ** manual '******' ****** *** unlocking * **** *** visitors ** ****** *** users ******* ** *** 'secure ****' ** ** opening.

******'* ********* ********** *** has ** ******* ******* or ***** *******, *** once * ******** ********** is ***** ** * device ** *********** ****** to **** ******:

*** *** **** *** need ** ** ****** to ** ********, *** even * ****** ***** running ***** **** **** activate ***********.

** ****** **** **** 150 ******** *** *** credentials ** **** ******* and *******, ************ ** issues. ******** **** ******** in *** ********.

Web ****** ********** ****

*** ********'* *** ****** is ****** ** *** credentials *** ***/****** ***** to *** ******, ***** a ******** ********* *** available ** *** ********** apps.

**** ***** *** *****, emails *** **** ** their ****** ***** **** allow **** *** ******** their ****** ** *******:

****** ************** *** *** required ** **** ****** to **** ******* ** enroll ** ****** ***********, but *** *** ****** is *** ************ ** other ****** ******* *** essentially ** * ********* and *****-***** ***********.

*** '***** **********' ******** access ********** *********, **** csv ****** ***** *** be ******** **** *** portal, *** ********* *********** must ** ******* ********.

Credential ********** *****

******** *********** *** **** in *, **, *** 100 **********, **** ****** ranging **** ~$* - $8 **** ********* ** how **** *** *******.

***** '*******-***' ***** *** then ********** ** **** web ****** ********, **** individual ****** ******* ** specific *****.

** ***** ** ** validated *** * ******** site's ******** *******, *** Portal's **** ******* **** assign *** ***********, *** while ******** ****** *** be ******** *** **** this ************** **** ********* need ** ** ********** to ******* ****** ********* or ******** ******** ****.

One ********** *** ******

* ********* ******* **** BluePass *********** ** **** can **** ** ******** to * ****** *** time, *** ** ***** change, ****, ** *** multiple ******* **** **** need ** ******** ******** credentials ** *** **** on *******.

****** ********* ****:

******** ****** *********** *** only **** *** *** life ** *** ******** mobile ******. **** * new ****** ** *********, new *********** *** ********, even ** *** ***** number *** *** *******.

**** ********** **** ****** in ******** *********** ********* for ****** *****, *** could ***** **** **** to ******* *** ***** changing ******* ********** ** control ******** ********** *****.

Reader **** **********

******'* ****** ****** ** longer **** **** '******* mount' *******, *** ** available **** ** *** size, * ****** ********** of ****** ***** ************* **** ******.

*******, *** ****** ******* are ********* ** ******* sizes, ********* *** **** generally ********* '**** *****' R40 ****:

BluePass ** ******* ****

****** *** ********* ** BluePass, *** ********** **** between *** **** *** door *********** *** ** intercepted.

*** **** ** ********** to '*** ** *** middle' ******** ***$** ****** ** ************** **** **** ** physically ********* *** ****** in *** ***** ** reader *****:

******** ***** *** **** even ******* ** ******** a ****** ****** ** sensor ** *** ******, so ********** **** * device ***** *********** ** undetected ** *** ******.

Unlabeled *** ******** *****

*** ********* ******* ** BluePass ****** ** ** unlabeled ********* ******* **** the ***** ********* **********:

******'* ************* **** *** explain **** ** *** this ********* ** ******** or **/***** ** ****** be ********* ** ** access ******.

****** **** ******* *** not ******* *** ******* either, ****** ******* ** 'that ***** ** ******', unable ** ******* *** it ** ******** ** not ******.

***** *** * ***** factor, *** ********* *** terminated *** **** **** up ****** *** *** make ********** * ***** pigtail **** * ******** box ********* ** ***** is *****.

Versus *** *****/****** ***********

*** **** ** ******** is ****** ** ** higher **** *** ** used ** ***** ******* with **** ***** **** frequent ****** ****** ********.

***** ****** ********** ***** are ****** ** ** slightly ***** *** * one-time ******** **** ********, Nortek *********** *** ***-************ and ****** ** ******** to **** **** *** device, ********* ********** ******* ** ***** on '*** ****'. ** unlike ********, ******** ******* can ** ****** ***** HID ***** *********** *** a ****** ***** ** about $* *** **** versus ~$* *** **** Nortek ********** ******.

**** ******, *** ****** credential ** * ***-**** purchase **** *** ** used *** *** **** of *** ****** ** was ********, ***** *** is ** ****** ****.

Versus ********

**** ** *** **** 'cool ******' ******** ********* in ******* ********'* ******* are ******* ** ********, including *** '*****' ** open ******* *** ************* with **** *** *** Android *******.

******, ******** ********* **** of *** *** *** and ******* ************ **** BluePass *** ** ********** only **.** *** ******* and ********** **** **** the ****** ** **********.

** ***** ** *********** ****, **********'* *********** *******, *** ********* ****** at ~$*** ****, *** two ***** *** *********.

**** ********, ***** ** no ****** ********** ******** required. *******, ****** ******, Openpath ******* **** **** with ******** *********** *** the ****** ****** **** be **** *** * service *** ********* ******* for *********** ** ** valid.

Versus ******** *** *** *******

******** ** *** ***** of '***-***' *** *** readers, ******'* **** ** quite ****. **** *** example *** *** **** Midrange **** **** ******* ~$130 ****** ** ******'* ~$250 *****:

***** **** *******, ********'* 125 *** ************* ***** sense *** '******' ********* credentials, *** ** ******* are ********* ***** ***** physical *********** ****** **** mobile, **** ****** *** kHz ******* *** ******** available.

Nortek **** *** **********

****** ** ******* ******** to ****** ****************(******** ****** '***') ******* **.

*** *******'* ***** ***** shows *** **** ****** and **** ********, *** interestingly *** ******* *** available ** *** **** Nortek *******:

*** ***'* ******* ******** UniKey's '*****' ******* **** detects ***** **** ** the ******* * **** is *******, *********** ******** activating *** ****** ** intruders ****** ** ******* close **.

**********'* *** **** ****** substantial ************ **** ***** Nortek ********, **** ********** user *** ********** ********** without * *** ******, and ****** **** ****** command ******* ** *** app.

** **** ** ***** distribution-access***** ** ******** ****** profile **** ***** **** summer, *** **** ******* Touch ** ***********, *******, and ******** ** ***** then.

UniKey *****

**** ********, ****** ** relying ** *********** ******** development *** *** ****** platform. *************, **** ******* is **** ** * partnership ****'****** ***********' ********* ******:

** ***** ** ********* ***********, **** ******* *** developed *** '****** ***********' piece *** **** ******** from ****** **** ******* (see ******* **** ****), ****, ****, *** Honeywell.

Device ******* & ******** ****

  • ****** * **** ******* iOS **.*.*
  • ** ** ******* ******* 8.0.0 '****' ******** ******* H83030C
  • ****** ******** ********: *.*.**

Comments (1)

**** ***********. * ***** definitely **** ** ***** due ** *** ****** support. **** ********** ***** to ** **** **********, I **** **** *** thinking *** *** ********* they *** ** ***** is **** *** ****. In *** **** *** selling ****** ***** ****** be *******.

** *** **** ** my **** * ****** if **** ***** ** pushed ** *** ****** to **** ******* ** *********** ** *** ** vague. ** ******** * controller *** ****** *** does *** **** *** which ******* ********* *** supported ** ***********.

Read this IPVM report for free.

This article is part of IPVM's 6,525 reports, 879 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now

Related Reports

Remote Network Access for Video Surveillance Guide on Jul 27, 2020
Remotely accessing surveillance systems is key in 2020, with more and more...
The Problem With Fever Detecting Thermal Sunglasses on Apr 15, 2020
While the media has promoted using thermal sunglasses to detect fevers, this...
Free Online NFPA, IBC, and ADA Codes and Standards 2020 on Sep 03, 2020
Finding applicable codes for security work can be a costly task, with printed...
Injes Tiny Temperature Terminal Tested on Jul 17, 2020
While temperature terminals have trended bigger, the Injes DFace801 is...
Favorite Access Control Credentials 2020 on Sep 15, 2020
Credential choice is more debated than ever, with hacking risk for 125kHz and...
Mobotix Thermal Detection Camera Tested on Jun 09, 2020
For years Mobotix has struggled but now sales are surging driven by Mobotix's...
Clinton Public View Monitor (PVM) Mask Detection Tested on Jul 09, 2020
Face mask detection, or more specifically not wearing one, is expanding...
Milestone Presents XProtect On AWS on May 04, 2020
Milestone presented its XProtect on AWS offering at the April 2020 IPVM New...
Facial Recognition: Weak Sales, Anti Regulation, No Favorite, Says Security Integrators on Jul 07, 2020
While facial recognition has gained greater prominence, a new IPVM study of...
FLIR A Series Temperature Screening Cameras Tested on Jun 04, 2020
FLIR is one of the biggest names in thermal and one of the most conservative....
FDA Gives Guidance on 'Coronavirus' Thermal Fever Detection Systems on Mar 30, 2020
The US FDA has given IPVM guidance on the use of thermal fever detection...
Beware Of Feevr on Apr 14, 2020
Beware of "Feevr". The company is marketing a 'Feevr' solution that...
IPConfigure Presents Orchid Fusion VSaaS on Apr 30, 2020
IPConfigure presented Orchid Fusion VSaaS at the April 2020 IPVM New Products...
K7 Wall Mounted IR Temp Gun Tested on Jun 26, 2020
The original K3 model was missing a number of important features but the...
Face Masks Increase Face Recognition Errors Says NIST on Aug 04, 2020
COVID-19 has led to widespread facemask use, which as IPVM testing has shown...

Recent Reports

Mobile Access Control Usage Statistics 2020 on Sep 21, 2020
Most smartphones can be used as access control credentials, but how...
Axis Compares Fever Camera Sellers to 9/11 on Sep 18, 2020
Axis Communications, the West's largest surveillance camera manufacturer, has...
Chilean Official Investigated for Motorola And Hikvision Contracts on Sep 17, 2020
A corruption investigation is underway in Chile after a crime prevention...
Huawei HiSilicon Production Shut Down on Sep 17, 2020
Huawei HiSilicon chips are no longer being manufactured or supplied to...
Virtual ISC West and GSX+ Exhibiting Contrasted on Sep 17, 2020
Both ISC West and ASIS GSX are going virtual this year, just weeks apart, but...
X.Labs Sues FLIR on Sep 16, 2020
X.Labs, the maker of Feevr, has sued FLIR, the publicly traded thermal...
Video Surveillance 101 September Course - Last Chance on Sep 16, 2020
Today is the last chance to sign up for the Fall Video Surveillance 101...
No Blackbody Mistake, Half Million Dollar, Hikvision Fever Camera System in Georgia on Sep 16, 2020
A Georgia school district touted buying Hikvision fever screening "about...
Costar Technologies / Arecont H1 2020 Financials Examined on Sep 16, 2020
Costar's financial results have been hit by the coronavirus with the company...
Startup Cawamo Presents Live Alerts With Edge AI and Cloud VMS on Sep 15, 2020
Cawamo, an Israeli edge-to-cloud analytics and VMS startup, presented its...
Favorite Access Control Credentials 2020 on Sep 15, 2020
Credential choice is more debated than ever, with hacking risk for 125kHz and...
Dangerous Hikvision Fever Screening Marketing In Africa on Sep 15, 2020
A multi-national African Hikvision distributor is marketing dangerously...
New Products Show Fall 2020 Announced - Register Now on Sep 14, 2020
IPVM's sixth online show will feature New Products from over 25...
Hanwha 8K / 33MP Camera Tested on Sep 14, 2020
Hanwha Techwin has released an 8K / 33MP resolution camera, the TNB-9000 with...