Nortek Blue Pass Mobile Access Reader Tested

By Brian Rhodes, Published Jul 11, 2019, 10:15am EDT

Nortek claims BluePass mobile readers are a 'more secure and easy to use approach to access', but our testing uncovered security problems and usability issues compared to other mobile readers.

free image1 2 - Nortek BluePass Mobile Reader Tested

Inside, we examine:

  • The biggest strengths and problems with BluePass
  • Testing Nortek's mobile app performance with both Android and iPhone
  • The prices we paid for BluePass credentials and mobile reader
  • Overview explaining BluePass' configuration to IPVM's test access system
  • A mysterious, and unused, extra pigtail connector
  • An explanation of Nortek OEM ProDataKey's mobile reader
  • The platform's strengths & weaknesses compared to others

Upcoming Mobile Shootout

Later this summer, IPVM will publish a shootout of mobile credential platforms including BluePass and a number of other tested products:

Key ********

********* *****************:

  • ******* : ******* ***** * 'mobile' *******, *** **** shows ***** ****** ** farther **** ~* **** away **** *** ****** or **** *********** ****** be '****'.
  • *** ***, ******* ****: *** ** ********' biggest ****** ** ******* 'high ********' **.** *** formats ** **** ** supported, *********** ********* *** device **** ***** **** in **** ******* *** not ******* *************.
  • ** *** ********: ******'* ********** *** does *** ******* ****** unlock *******, ******* ***** cannot ******** ***** ******* access **** ******.
  • *** ****** ********: ******** ** *** integrated **** **** ****** platforms, ********* *** ******** and ********** ** * redundant ****** ****** ****** in ******'* ******.

******** *** ********* *******:

  • ** ****** ************:** **** **** *** attempts, ** ****** **** failed ** **** ** either *** *** ** Android **** ******.
  • ****** '*****' *******:**** ********, ***** *** have ***** ***** ** their ****** ** *****, and ****** ********** *** reader ******** *** ******** of ***** ** *****. Not *** ****** ******* include **** *******, ***** is ****** **** ********** phones **** ******* ****** happen.
  • ******* *****:****** **** '****** *****' readers, ******** *** * sealed ********* *** ** IP65 *****. ** ****** unit *********** ******* ** direct **** *** ****, and *** ****** ********* as *******.

BluePass ****** ******

******'* **** ******-***** ****** is ***~$*** ********, ********* ** *** mullion ****** **** *** furnished **** * ****-*****/****** gang *** ******* *****.

**** ************ ****** *******, BluePass ** ******* *** the ********** **** ** door *********** *** **** standard ****** ******. *** reader ** ******** ** a **** ***** ******* housing **** *** **** status ********* **** ******* green ** ***** *****:

*******, *** ******* ******** dirt, *****, *** ************ in ****** *** *** looks ***** ***** ***** service ****. ****** *** excessive ******* ** *** test **** *****:

***** ****** ********** ******** cleaning ******** *******, * step *** ****** **** most ***** ******* **** typically **** * *****/*** glossy *******.

Short ****** *****

*** ****** '******' ***** of ****** ** ******'* reader *** ******** ** be *** ****** **** other ****** *******.

*** ***** ********* ** BluePass *** ******* '*******' or *** ***** ** to * ******* ******** of ** ******. *** sensitivity ** *** ******'* BLE ***** ** ******* one ******* ***** ******, with ** ******** ****** listed *** '*******' *** 'Closer' ********:

***** **** **** ** be ** **** ***** proximity ** *** ****** to ****** *******, **** when ***** ** *** to *** ******* '*******' setting. ****** ***** *** close ***** ** * security *******, **** *********** **** ***************:

** *** ******’* ********* reception ******** ** *** too ****, ** *** inadvertently **** **** ** employee’s ****** ****** *** allow ************ ***** **** the ******** ****** ********* a **** ****, ** touching, *** ******.

** ***** ** ****** tech ******* *** ******** the ***** **** ***** is ****** *** ******* of *** ******.

********' ******* ***** ** shorter *** **** ************ than ***** ****** ******* IPVM *** ******, ********* HID, ********* ****, ********, and *****.

*** ***** ***** ********** will ******* ******** **** being ****** ** ************ requiring ****** **** ****** like ******* ****** *****, many **********, *** *** be * ********* ********** for *** *************.

125 *** ****

******* ********** ** *** reader ** **** ** only '*****' ****** *** kHz ** *** ***********. No **.** *** ********** formats ** *** **** are *********.

******* *** ******* *** insecure *** *******, *** *** ** BluePass **** ********** ***** types, *** ****** ** commonly ******** **** '**** security' ****** **************.

**** **** ***********, ** the *** *** ***** cannot ** ********, **** if ***** **** ** exclusively *** *** *** credentials.

****** ***** ** **** if/when **.** *** ******* is ******** *** ********, users **** **** ** replace ******* ******* *** upgrades **** *** ** possible **** ******** ******.

No *** ********

** ******** ** *** required ***** *****, *** smartphone *** *** ** manual '******' ****** *** unlocking * **** *** visitors ** ****** *** users ******* ** *** 'secure ****' ** ** opening.

******'* ********* ********** *** has ** ******* ******* or ***** *******, *** once * ******** ********** is ***** ** * device ** *********** ****** to **** ******:

*** *** **** *** need ** ** ****** to ** ********, *** even * ****** ***** running ***** **** **** activate ***********.

** ****** **** **** 150 ******** *** *** credentials ** **** ******* and *******, ************ ** issues. ******** **** ******** in *** ********.

Web ****** ********** ****

*** ********'* *** ****** is ****** ** *** credentials *** ***/****** ***** to *** ******, ***** a ******** ********* *** available ** *** ********** apps.

**** ***** *** *****, emails *** **** ** their ****** ***** **** allow **** *** ******** their ****** ** *******:

****** ************** *** *** required ** **** ****** to **** ******* ** enroll ** ****** ***********, but *** *** ****** is *** ************ ** other ****** ******* *** essentially ** * ********* and *****-***** ***********.

*** '***** **********' ******** access ********** *********, **** csv ****** ***** *** be ******** **** *** portal, *** ********* *********** must ** ******* ********.

Credential ********** *****

******** *********** *** **** in *, **, *** 100 **********, **** ****** ranging **** ~$* - $8 **** ********* ** how **** *** *******.

***** '*******-***' ***** *** then ********** ** **** web ****** ********, **** individual ****** ******* ** specific *****.

** ***** ** ** validated *** * ******** site's ******** *******, *** Portal's **** ******* **** assign *** ***********, *** while ******** ****** *** be ******** *** **** this ************** **** ********* need ** ** ********** to ******* ****** ********* or ******** ******** ****.

One ********** *** ******

* ********* ******* **** BluePass *********** ** **** can **** ** ******** to * ****** *** time, *** ** ***** change, ****, ** *** multiple ******* **** **** need ** ******** ******** credentials ** *** **** on *******.

****** ********* ****:

******** ****** *********** *** only **** *** *** life ** *** ******** mobile ******. **** * new ****** ** *********, new *********** *** ********, even ** *** ***** number *** *** *******.

**** ********** **** ****** in ******** *********** ********* for ****** *****, *** could ***** **** **** to ******* *** ***** changing ******* ********** ** control ******** ********** *****.

Reader **** **********

******'* ****** ****** ** longer **** **** '******* mount' *******, *** ** available **** ** *** size, * ****** ********** of ****** ***** ************* **** ******.

*******, *** ****** ******* are ********* ** ******* sizes, ********* *** **** generally ********* '**** *****' R40 ****:

BluePass ** ******* ****

****** *** ********* ** BluePass, *** ********** **** between *** **** *** door *********** *** ** intercepted.

*** **** ** ********** to '*** ** *** middle' ******** ***$** ****** ** ************** **** **** ** physically ********* *** ****** in *** ***** ** reader *****:

******** ***** *** **** even ******* ** ******** a ****** ****** ** sensor ** *** ******, so ********** **** * device ***** *********** ** undetected ** *** ******.

Unlabeled *** ******** *****

*** ********* ******* ** BluePass ****** ** ** unlabeled ********* ******* **** the ***** ********* **********:

******'* ************* **** *** explain **** ** *** this ********* ** ******** or **/***** ** ****** be ********* ** ** access ******.

****** **** ******* *** not ******* *** ******* either, ****** ******* ** 'that ***** ** ******', unable ** ******* *** it ** ******** ** not ******.

***** *** * ***** factor, *** ********* *** terminated *** **** **** up ****** *** *** make ********** * ***** pigtail **** * ******** box ********* ** ***** is *****.

Versus *** *****/****** ***********

*** **** ** ******** is ****** ** ** higher **** *** ** used ** ***** ******* with **** ***** **** frequent ****** ****** ********.

***** ****** ********** ***** are ****** ** ** slightly ***** *** * one-time ******** **** ********, Nortek *********** *** ***-************ and ****** ** ******** to **** **** *** device, ********* ********** ******* ** ***** on '*** ****'. ** unlike ********, ******** ******* can ** ****** ***** HID ***** *********** *** a ****** ***** ** about $* *** **** versus ~$* *** **** Nortek ********** ******.

**** ******, *** ****** credential ** * ***-**** purchase **** *** ** used *** *** **** of *** ****** ** was ********, ***** *** is ** ****** ****.

Versus ********

**** ** *** **** 'cool ******' ******** ********* in ******* ********'* ******* are ******* ** ********, including *** '*****' ** open ******* *** ************* with **** *** *** Android *******.

******, ******** ********* **** of *** *** *** and ******* ************ **** BluePass *** ** ********** only **.** *** ******* and ********** **** **** the ****** ** **********.

** ***** ** *********** ****, **********'* *********** *******, *** ********* ****** at ~$*** ****, *** two ***** *** *********.

**** ********, ***** ** no ****** ********** ******** required. *******, ****** ******, Openpath ******* **** **** with ******** *********** *** the ****** ****** **** be **** *** * service *** ********* ******* for *********** ** ** valid.

Versus ******** *** *** *******

******** ** *** ***** of '***-***' *** *** readers, ******'* **** ** quite ****. **** *** example *** *** **** Midrange **** **** ******* ~$130 ****** ** ******'* ~$250 *****:

***** **** *******, ********'* 125 *** ************* ***** sense *** '******' ********* credentials, *** ** ******* are ********* ***** ***** physical *********** ****** **** mobile, **** ****** *** kHz ******* *** ******** available.

Nortek **** *** **********

****** ** ******* ******** to ****** ****************(******** ****** '***') ******* **.

*** *******'* ***** ***** shows *** **** ****** and **** ********, *** interestingly *** ******* *** available ** *** **** Nortek *******:

*** ***'* ******* ******** UniKey's '*****' ******* **** detects ***** **** ** the ******* * **** is *******, *********** ******** activating *** ****** ** intruders ****** ** ******* close **.

**********'* *** **** ****** substantial ************ **** ***** Nortek ********, **** ********** user *** ********** ********** without * *** ******, and ****** **** ****** command ******* ** *** app.

** **** ** ***** distribution-access***** ** ******** ****** profile **** ***** **** summer, *** **** ******* Touch ** ***********, *******, and ******** ** ***** then.

UniKey *****

**** ********, ****** ** relying ** *********** ******** development *** *** ****** platform. *************, **** ******* is **** ** * partnership ****'****** ***********' ********* ******:

** ***** ** ********* ***********, **** ******* *** developed *** '****** ***********' piece *** **** ******** from ****** **** ******* (see ******* **** ****), ****, ****, *** Honeywell.

Device ******* & ******** ****

  • ****** * **** ******* iOS **.*.*
  • ** ** ******* ******* 8.0.0 '****' ******** ******* H83030C
  • ****** ******** ********: *.*.**

Comments (1)

Undisclosed #1

07/11/19 04:33pm

**** ***********. * ***** definitely **** ** ***** due ** *** ****** support. **** ********** ***** to ** **** **********, I **** **** *** thinking *** *** ********* they *** ** ***** is **** *** ****. In *** **** *** selling ****** ***** ****** be *******.

** *** **** ** my **** * ****** if **** ***** ** pushed ** *** ****** to **** ******* ** *********** ** *** ** vague. ** ******** * controller *** ****** *** does *** **** *** which ******* ********* *** supported ** ***********.

Read this IPVM report for free.

This article is part of IPVM's 6,651 reports, 895 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now
Loading Related Reports