Nortek Blue Pass Mobile Access Reader Tested

By: Brian Rhodes, Published on Jul 11, 2019

Nortek claims BluePass mobile readers are a 'more secure and easy to use approach to access', but our testing uncovered security problems and usability issues compared to other mobile readers.

free image1 2 - Nortek BluePass Mobile Reader Tested

Inside, we examine:

  • The biggest strengths and problems with BluePass
  • Testing Nortek's mobile app performance with both Android and iPhone
  • The prices we paid for BluePass credentials and mobile reader
  • Overview explaining BluePass' configuration to IPVM's test access system
  • A mysterious, and unused, extra pigtail connector
  • An explanation of Nortek OEM ProDataKey's mobile reader
  • The platform's strengths & weaknesses compared to others

Upcoming Mobile Shootout

Later this summer, IPVM will publish a shootout of mobile credential platforms including BluePass and a number of other tested products:

****** ************** ****** ********** * '**** ****** and **** ** *** approach ** ******', *** our ******* ********* ******** problems *** ********* ****** compared ** ***** ****** readers.

free image1 2 - Nortek BluePass Mobile Reader Tested

******, ** *******:

  • *** ******* ********* *** problems **** ********
  • ******* ******'* ****** *** performance **** **** ******* and ******
  • *** ****** ** **** for ******** *********** *** mobile ******
  • ******** ********** ********' ************* to ****'* **** ****** system
  • * **********, *** ******, extra ******* *********
  • ** *********** ** ****** OEM **********'* ****** ******
  • *** ********'* ********* & weaknesses ******** ** ******

Upcoming ****** ********

***** **** ******, **** will ******* * ******** of ****** ********** ********* including ******** *** * number ** ***** ****** products:

[***************]

Key ********

********* ** ******** *******:

  • ******* : ******* ***** * 'mobile' *******, *** **** shows ***** ****** ** farther **** ~* **** away **** *** ****** or **** *********** ****** be '****'.
  • *** ***, ******* ****: *** ** ********' biggest ****** ** ******* 'high ********' **.** *** formats ** **** ** supported, *********** ********* *** device **** ***** **** in **** ******* *** not ******* *************.
  • ** *** ********: ******'* ********** *** does *** ******* ****** unlock *******, ******* ***** cannot ******** ***** ******* access **** ******.
  • *** ****** ********: ******** ** *** integrated **** **** ****** platforms, requiring *** ******** *** management ** * ********* access ****** ****** ** Nortek's ******.

******** *** ********* *******:

  • ** ****** ************: ** **** **** *** attempts, ** ****** **** failed ** **** ** either *** *** ** Android **** ******.
  • ****** '*****' *******:**** ********, ***** *** have ***** ***** ** their ****** ** *****, and ****** ********** *** reader ******** *** ******** ** users ** *****.  *** all ****** ******* ******* this *******, ***** ** useful **** ********** ****** **** pockets ****** ******.
  • ******* *****:****** **** '****** *****' readers, ******** *** * sealed ********* *** ** IP65 *****. ** ****** unit *********** ******* ** direct **** *** ****, and *** ****** ********* as *******.

BluePass ****** ******

******'* **** ******-***** ****** is ***~$*** ********, ********* ** *** mullion ****** **** *** furnished **** * ****-*****/****** gang *** ******* *****.

**** ************ ****** *******, BluePass ** ******* *** the ********** **** ** door *********** *** **** standard ****** ******. *** reader ** ******** ** a **** ***** ******* housing **** *** **** status ********* **** ******* green ** ***** *****:

*******, *** ******* ******** dirt, *****, *** ************ in ****** *** *** looks ***** ***** ***** service ****. ****** *** excessive ******* ** *** test **** *****:

***** ****** ********** ******** cleaning ******** *******, * step *** ****** **** most ***** ******* **** typically **** * *****/*** glossy *******.

Short ****** *****

*** ****** '******' ***** of ****** ** ******'* reader *** ******** ** be *** ****** **** other ****** *******.

*** ***** ********* ** BluePass *** ******* '*******' or *** ***** ** to * ******* ******** of ** ******. *** sensitivity ** *** ******'* BLE ***** ** ******* one ******* ***** ******, with ** ******** ****** listed *** '*******' *** 'Closer' ********:

***** **** **** ** be ** **** ***** proximity ** *** ****** to ****** *******, **** when ***** ** *** to *** ******* '*******' setting. ****** ***** *** close ***** ** * security *******, **** *** ******** **** ***** **********:

** *** ******’* ********* reception ******** ** *** too ****, ** *** inadvertently **** **** ** employee’s ****** ****** *** allow ************ ***** **** the ******** ****** **
******* * **** ****, or ********, *** ******.

** ***** ** ****** tech ******* *** ******** the ***** **** ***** is ****** *** ******* of *** ******.

********' ******* ***** ** shorter *** **** ************ than ***** ****** ******* IPVM *** ******, ********* HID, ********* ****, ********, and *****.

*** ***** ***** ********** will ******* ******** **** being ****** ** ************ requiring ****** **** ****** like ******* ****** *****, many **********, *** *** be * ********* ********** for *** *************.

125 *** ****

******* ********** ** *** reader ** **** ** only '*****' ****** *** kHz ** *** ***********. No **.** *** ********** formats ** *** **** are *********.

******* *** ******* *** insecure *** *******, *** *** ** BluePass **** ********** ***** types, *** ****** ** commonly ******** **** '**** security' ****** **************.

**** **** ***********, ** the *** *** ***** cannot ** ********, **** if ***** **** ** exclusively *** *** *** credentials.

****** ***** ** **** if/when **.** *** ******* is ******** *** ********, users **** **** ** replace ******* ******* *** upgrades **** *** ** possible **** ******** ******.

No *** ********

** ******** ** *** required ***** *****, *** smartphone *** *** ** manual '******' ****** *** unlocking * **** *** visitors ** ****** *** users ******* ** *** 'secure ****' ** ** opening.

******'* ********* ********** *** has ** ******* ******* or ***** *******, *** once * ******** ********** is ***** ** * device ** *********** ****** to **** ******:

*** *** **** *** need ** ** ****** to ** ********, *** even * ****** ***** running ***** **** **** activate ***********.

** ****** **** **** 150 ******** *** *** credentials ** **** ******* and *******, ************ ** issues. ******** **** ******** in *** ********.

Web ****** ********** ****

*** ********'* *** ****** is ****** ** *** credentials *** ***/****** ***** to *** ******, ***** a ******** ********* *** available ** *** ********** apps.

**** ***** *** *****, emails *** **** ** their ****** ***** **** allow **** *** ******** their ****** ** *******:

****** ************** *** *** required ** **** ****** to **** ******* ** enroll ** ****** ***********, but *** *** ****** is *** ************ ** other ****** ******* *** essentially ** * ********* and *****-***** ***********.

*** '***** **********' ******** access ********** *********, **** csv ****** ***** *** be ******** **** *** portal, *** ********* *********** must ** ******* ********.

Credential ********** ***** 

******** *********** *** **** in *, **, *** 100 **********,  **** ****** ranging **** ~$* - $8 **** ********* ** how **** *** *******.

***** '*******-***' ***** *** then ********** ** **** web ****** ********, **** individual ****** ******* ** specific *****.

** ***** ** ** validated *** * ******** site's ******** *******, *** Portal's **** ******* **** assign *** ***********, *** while ******** ****** *** be ******** *** **** this ************** **** ********* need ** ** ********** to ******* ****** ********* or ******** ******** ****.

One ********** *** ******

* ********* ******* **** BluePass *********** ** **** can **** ** ******** to * ****** *** time, *** ** ***** change, ****, ** *** multiple ******* **** **** need ** ******** ******** credentials ** *** **** on *******.

****** ********* ****:

******** ****** *********** *** only **** *** *** life ** *** ******** mobile ******. **** * new ****** ** *********, new *********** *** ********, even ** *** ***** number *** *** *******.

**** ********** **** ****** in ******** *********** ********* for ****** *****, *** could ***** **** **** to ******* *** ***** changing ******* ********** ** control ******** ********** *****.

Reader **** **********

******'* ****** ****** ** longer **** **** '******* mount' *******, *** ** available **** ** *** size, * ****** ********** of ****** ***** **** ********* **** ******.

*******, *** ****** ******* are ********* ** ******* sizes, ********* *** **** generally ********* '**** *****' R40 ****:

BluePass ** ******* ****

****** *** ********* ** BluePass, *** ********** **** ******* the **** *** **** controllers *** ** ***********.

*** **** ** ********** to '*** ** *** middle' ******** *** $** ****** ** ******* ******* **** **** ** physically ********* *** ****** in *** ***** ** reader *****:

******** ***** *** **** even ******* ** ******** a ****** ****** ** sensor ** *** ******, so ********** **** * device ***** *********** ** undetected ** *** ******.

Unlabeled *** ******** *****

*** ********* ******* ** BluePass ****** ** ** unlabeled ********* ******* **** the ***** ********* **********:

******'* ************* **** *** explain **** ** *** this ********* ** ******** or **/***** ** ****** be ********* ** ** access ******.

****** **** ******* *** not ******* *** ******* either, ****** ******* ** 'that ***** ** ******', unable ** ******* *** it ** ******** ** not ******.

***** *** * ***** factor, *** ********* *** terminated *** **** **** up ****** *** *** make ********** * ***** pigtail **** * ******** box ********* ** ***** is *****.

Versus *** *****/****** ***********

*** **** ** ******** is ****** ** ** higher **** *** ** used ** ***** ******* with **** ***** **** frequent ****** ****** ********.

***** ****** ********** ***** are ****** ** ** slightly ***** *** * one-time ******** **** ********, Nortek *********** *** ***-************ and ****** ** ******** to **** **** *** device, ****** *** ***** ***** ******* ** ***** on '*** ****'. ** unlike ********, ******** ******* can ** ****** ***** HID ***** *********** *** a ****** ***** ** about $* *** **** versus ~$* *** **** Nortek ********** ******.

**** ******, *** ****** credential ** * ***-**** purchase **** *** ** used *** *** **** of *** ****** ** was ********, ***** *** is ** ****** ****.

Versus ********

**** ** *** **** 'cool ******' ******** ********* in ******* ********'* ******* are ******* ** ********, including *** '*****' ** open ******* *** ************* with **** *** *** Android *******.

******, ******** ********* **** of *** *** *** and ******* ************ **** BluePass *** ** ********** only **.** *** ******* and ********** **** **** the ****** ** **********.

** ***** ** *** ******** ****, **** ******'* *********** *******, *** ********* ****** at ~$*** ****, *** two ***** *** *********.

**** ********, ***** ** no ****** ********** ******** required. *******, ****** ******, Openpath ******* **** **** with ******** *********** *** the ****** ****** **** be **** *** * service *** ********* ******* for *********** ** ** valid.

Versus ******** *** *** *******

******** ** *** ***** of '***-***' *** *** readers, ******'* **** ** quite ****. **** *** example *** *** **** Midrange **** **** ******* ~$130 ****** ** ******'* ~$250 *****:

***** **** *******, ********'* 125 *** ************* ***** sense *** '******' ********* credentials, *** ** ******* are ********* ***** ***** physical *********** ****** **** mobile, **** ****** *** kHz ******* *** ******** available.

Nortek **** *** **********

****** ** ******* ******** to ****** ****************(******** ****** '***') ******* **.

*** *******'* ***** ***** shows *** **** ****** and **** ********, *** interestingly *** ******* *** available ** *** **** Nortek *******:

*** ***'* ******* ******** UniKey's '*****' ******* **** detects ***** **** ** the ******* * **** is *******, *********** ******** activating *** ****** ** intruders ****** ** ******* close **.

**********'* *** **** ****** substantial ************ **** ***** Nortek ********, **** ********** user *** ********** ********** without * *** ******, and ****** **** ****** command ******* ** *** app.

** **** ** ***** distribution-access***** ** ******** ****** profile **** ***** **** summer, *** **** ******* Touch ** ***********, *******, and ******** ** ***** then.

UniKey *****

**** ********, ****** ** relying ** *********** ******** development *** *** ****** platform. *************, **** ******* is **** ** * partnership ****'****** ***********' ********* ******:

** ***** ** *** ****** ******* ****, **** ******* *** developed *** '****** ***********' piece *** **** ******** from ****** **** ******* (see *** **** **** ****), ****, ****, *** Honeywell.

Device ******* & ******** ****

  • ****** * **** ******* iOS **.*.*
  • ** ** ******* ******* 8.0.0 '****' ******** ******* H83030C
  • ****** ******** ********: *.*.**

Comments (1)

**** ***********. * ***** definitely **** ** ***** due ** *** ****** support. **** ********** ***** to ** **** **********, I **** **** *** thinking *** *** ********* they *** ** ***** is **** *** ****. In *** **** *** selling ****** ***** ****** be *******.

** *** **** ** my **** * ****** if **** ***** ** pushed ** *** ****** to **** ******* ** *********** ** *** ** vague. ** ******** * controller *** ****** *** does *** **** *** which ******* ********* *** supported ** ***********.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Nortek Mobile Access Reader BluePass Examined on Feb 12, 2019
Nortek's Linear access control division claims to make mobile credentials "more secure and easier to use than ever before" with their BluePass...
Proxy Access Control Tested on May 09, 2019
Silicon Valley Access Startup Proxy raised $13.6 Million in May 2019, focusing on mobile physical access control. Beyond the fund raising, Proxy...
OSDP Access Control Guide on Jun 04, 2019
Access control readers and controllers need to communicate. While Wiegand has been the de facto standard for decades, OSDP aims to solve major...
Farpointe Data Conekt Mobile Access Reader Tested on Jun 13, 2019
California based Farpointe Data has been a significant OEM supplier of conventional access readers for years to companies including DMP, RS2, DSX,...
HID Mobile Tested on Jun 21, 2019
HID Global is one of the largest access brands, but their mobile access has had challenges. Indeed, the company has already restructured their...
Mobile Access Control Shootout - Farpointe, HID, Openpath, Nortek, Proxy on Jul 29, 2019
One of the biggest rising trends in access control is using phones as credentials but which offering is best? IPVM has tested five of the...
Mobile Access Control Guide on Aug 28, 2019
One of the biggest trends in access for the last few years has been the marriage of mobile phones and access cards. But how does this...
Fingerprints for Access Control Guide on Sep 09, 2019
Users can lose badges, but they never misplace a finger, right? The most common biometric used in access are fingerprints, and it has become one...
Open Access Controller Guide (Axis, HID, Isonas, Mercury) on Sep 19, 2019
In the access control market, there are many software platforms, but only a few companies that make non-proprietary door controllers. Recently,...
HID Fingerprint Reader Tested on Oct 09, 2019
HID has released their first access reader to use Lumidigm optical sensors, that touts it 'works with anyone, anytime, anywhere'. We bought and...

Most Recent Industry Reports

Motorola / Avigilon Drops ISC West on Feb 26, 2020
Motorola Solutions has pulled out of ISC West 2020 effective immediately, because of coronavirus concerns, IPVM has learned. This is done amidst...
Cancel or Not? Industry Split Over ISC West on Feb 26, 2020
The industry is split, polarized, over whether ISC West 2020 should run or be canceled. New IPVM survey results of 400+ respondents show heated...
Coronavirus Hits Sony, Bosch Says Switch on Feb 26, 2020
Sony's fall in video surveillance has been severe over the past decade. Now, they may be done. In this note, we examine Bosch's new...
Video Surveillance Cameras 101 on Feb 25, 2020
Cameras come in many shapes, sizes and specifications. This 101 examines the basics of cameras and features used in 2020. In this report, we...
Favorite Video Analytic Manufacturers 2020 on Feb 25, 2020
Video analytics is now as hot as ever, driven by the excitement of advancing deep learning offers. But what are actually integrator's...
Latest London Police Facial Recognition Suffers Serious Issues on Feb 24, 2020
On February 20, IPVM visited another live face rec deployment by London police, but this time the system was thwarted by technical problems and...
Masks Cause Major Facial Recognition Problems on Feb 24, 2020
Coronavirus is spurring an increase in the use of medical masks, which new IPVM test results show cause major problems for facial recognition...
Every VMS Will Become a VSaaS on Feb 21, 2020
VMS is ending. Soon every VMS will be a VSaaS. Competitive dynamics will be redrawn. What does this mean? VMS Historically...
Video Surveillance 101 Course - Last Chance on Feb 20, 2020
This is the last chance to join IPVM's first Video Surveillance 101 course, designed to help those new to the industry to quickly understand the...
Vulnerability Directory For Access Credentials on Feb 20, 2020
Knowing which access credentials are insecure can be difficult to see, especially because most look and feel the same. Even insecure 125 kHz...