Brivo Mobile Pass Opens Any Door by Smartphone

Author: Brian Rhodes, Published on Sep 25, 2015

One of the major trends in access control are 'mobile' credentials.

NFC and BLE have been fighting for the title but neither has really has taken off.

Now, Brivo has announced a new way of doing this that sidesteps the hassle, and claims to work with any door, any reader, and the majority of all smartphones in seconds.

In this note, we examine Brivo Mobile Pass, explaining how it works, what it costs and what potential security risks it has.

*** ** *** ***** ****** ** ****** ******* *** '******' ***********.

*** *** ******* **** ******** *** *** ***** *** ******* *** ****** has ***** ***.

***, ***** *** ********* * *** *** ** ***** **** that ********* *** ******, *** ****** ** **** **** *** door, *** ******, *** *** ******** ** *** *********** ** seconds.

** **** ****, ** ******* ***** ****** ****, ********** *** ** *****, **** ** ***** *** **** potential ******** ***** ** ***.

[***************]

No ****** ******

****** ***** ****** *********** **** ******* ******* ******* *** ******** smartphones, ***** **** ***** * ***** **** ******** ***** ********** app.

***** ****** ***** **** ***** ****** ** ******** *** ***, connecting ** *** **** ********** ******* *****'* ***** *******, *** essentially ******* *** '****** ******' ******* ** *** **** ******* the *** *********. **** **** ** ** **** ********* ** operator ******* *** *** *********** ** ******* / ***** ** any ********** ****.

** **** ***, *** **** ******** *** ****** *** ***** entirely *** **** ********** ******* *** ********** ******** *******.

App ***** ********

*** ***** ***** ***** ***** *** ***** ********:

************

*** ******** **** ***** **** *****'****** ******* **.* ******* *** *** *** ***** *******.

***** ****** ******

************** *** ****** * ****** **** ** ** ********** **********. Passes are ******* **** ****** ** ***** ** *** ******, *** users *** ***** ***** ***** ** ******** ** ****** **** if **********. * ****** **** ** **** *** *** ****** of *****, *** *** ** ********* ** **** **** ** certain ***** ** ** ************* *****. *******, **** **** * mobile **** ** ****** (** *** ** ***** ****** **** Brivo's ********** ********), ** ******** * ****.

*********** ****

***** **** ****** ****** **** ** ********* ** *** *** ******* operating ******* *** *** ***** ****** ******* **** *******, ****, etc.

Mobile **** **** **********

***** ***** ****** ***** **** * '****' ****** ******. ********** passes *** ********* ** $** *** ***. ***** **** **** ** effectively ~** ***** *** ****, **** ** ****** *********** ********** compared ** ******* ****** ***** ***** *** *** ** **** **** the ****** ****.

******** *****

****** ****'* ******* **** ** *** **** **** *** **** to ** **** * **** ** ****** **, ****** *** and ***. *** *******, **** *****'* ****** ****, * **** could **** *** **** ** *** **** **** ******** **** they *** ********** ***, ********** ** *** *** **** **** are. ******* **** ******* ************* ** ** *******, *** ******* that ************ *********** *** **** ********** ****** ** * ********** risk.

*** ****** *** ** ***** **** ** *** ****** *** to ******* ***** ** ****** ***** ** *** ****, *** is ******** ** *** ** *****-******* ******* **** ********. ***** says **** *** ******* ** ****:

"** *** **** *******, ***** ****** **** **** *********** ********** ******** ***** *** ******* *** ****** user ** ** ****** * ********* ******** ** *** **** (***** GPS) ** ** *** ***** **** *******. "

*******, ***** **** ** *****, ***** ****** ** ********.

*** ***** **** ** *** ***** *** ** *** **** a ******** *** ***** *****. ** **** *****, ****** ******* ** ******** those ***** ***** **** *** ***** ****** *** *** ****** *** door **** ***** *** **** **********.

****

Comments (31)

Billy Guthrie

09/25/15 05:58pm

** ******** **** ** ******* **** * ********** *** ** (Card ******) ********** ***********, * ***** **** *** *** ** the ********** ** ******* ***** **** *** *****. *********** *** alongside * ********* ****** ***** ** *** **** ** ** opinion. ***********, *** ***** ******* ** *** ** *** ***** that ***** ** ************* ****** *** ********** *******. *** *** would **** *** **** ****** *** ******* ** ** * CA **********. **** ** ***** ** *** *** *******, *** phone ***** **** *** *******; **** ********* * ****** ** inches ** *** ****** ** ***** *** ******** ****** ******** were ** ** ******** **** **** ** -**** ** ***** transmit *** ** ********** ********* *** ***.

Undisclosed #1

09/25/15 06:22pm

********** ****** *** ********* ** $** *** ***. ***** **** this ** *********** ~** ***** *** ****, **** ** ****** inexpensive ********** ******** ** ******* ****** ***** ***** *** *** or **** **** *** ****** ****.

** ***** *** *** **** ** **** ** "***********", ** "rather ****** *** ******** ** ***** ****".

Brian Rhodes

IPVMU Certified | In reply to Undisclosed #1 | 09/25/15 06:27pm

***** *** *****.

John Honovich

IPVM | In reply to Undisclosed #1 | 09/25/15 07:12pm

****** **, **** **** ******* **** **** ******** *** ****? :)

Undisclosed #1

In reply to John Honovich | 09/25/15 08:21pm

****** **, **** **** ******* **** **** ******** *** ****? :)

***.

*** *** ****** ******** ** ****.

*** ******* ****** ******** ** ****.

*** ****** *** ** ****.

*** ****** ******* ******* ** ****.

*** *****-***** ****** *** ******** ***** ** ****.

John Honovich

IPVM | In reply to Undisclosed #1 | 09/25/15 08:25pm

"** ****"

*** ** ******* ****. "** ******** ** *** ***** ** the ******** *******."

** *** ***********, ******** ***** ******* *** ******** **** ******** physical ******* (** **** * ****) ** **********.

Vlad Craciunescu

09/25/15 06:24pm

***** ** **** ****** ****** *********** ***** **** **** *** *** *** , *** **** sell * ****** *** ****, ****** *** **** ********* ***...** just ******* **** **** *** ** ***** **** ** ***.

Undisclosed Integrator #3

In reply to Vlad Craciunescu | 09/26/15 01:05am

****** *** **** ** ******

Undisclosed #2

09/25/15 08:10pm

***, ***** *** ********* * *** *** ** ***** **** that ********* *** ******, *** ****** ** **** **** *** door,any ******, and the majority of all smartphones in seconds.

*** ******, ** **** *** **** **** *** ******* ********** into *****?

John Honovich

IPVM | In reply to Undisclosed #2 | 09/25/15 08:13pm

"*** ******** **** ***** **** *****'****** ******* **.******** *** *** *** ***** *******."

Undisclosed #2

In reply to John Honovich | 09/25/15 09:36pm

* ****'* **** ***** **** * ******.

Brian Rhodes

IPVMU Certified | In reply to Undisclosed #2 | 09/25/15 09:39pm

****** **** *****'* *** * ****** ** ****.

John Honovich

IPVM | In reply to Undisclosed #2 | 09/25/15 09:40pm

*** ****** ****** ** ********** ****. ****'* *** *****.

Undisclosed #2

In reply to John Honovich | 09/25/15 09:44pm

****** ****.

** **** ***, *** **** ******** *** ****** *** ***** entirely *** **** ********** ******* *** ********** ******** *******.

Keefe Lovgren

IPVMU Certified | 09/25/15 08:58pm

* ** ****** ********* ** *** ******* ** *** ****, over **** **** **** ****** ********** ** * *** **** is ***********. * ***** ** ******* ** **** *** **** people **** ** ** * *** **** **. **** ****.

*********** *** **** ** * ******* *** **** **** *** and ** **** ******* ***** **** ******* ** *** **** it...

John Honovich

IPVM | In reply to Keefe Lovgren | 09/25/15 09:02pm

*****, **** ********!

*****'* **** ** ***** ** *** ** *** ***** ** be ************* **********. ** *** **** **** *** ** ***** split *** ******* **** ***** **** *********** **** **** *** 50 - ** *****.

Brian Rhodes

IPVMU Certified | In reply to Keefe Lovgren | 09/25/15 09:08pm

****** *****. ******* ** ** **** ** *****, *** **** the ******** ********, *** **** ** ** ****** ** * local **** ******* **** *** *********** *** **** **, *****?

*** ***** ******** **** *** **** ****/ **** * ******** network ***** *** ********** ****** **** ** '*** *****', *** on * ***** ******.

Keefe Lovgren

IPVMU Certified | In reply to Brian Rhodes | 09/25/15 09:27pm

*****,

** *** ** ****** *** ** ***. * ********** **** only ***** ********* ** *** ****** *** ***** ***** **** have *** ** *** ****** *** *****.

Keefe Lovgren

IPVMU Certified | In reply to Keefe Lovgren | 09/25/15 09:31pm

**** *********** ****** ********** ****:

****** ********** ***** **** ******** *******-* ****** *.* (** ******) software ** ******* * ********** ***** ********** **** *** ** used ** *** ** *** **** ** * ****** ** person *****. ****** ** ********* *** ********** ** ** *** corporate ******* ******** *** ****, **** ********* ********* ** *** building, ** *** *** ******** ********** ******** *** ** ****** Credential **** ******** * **** ********** *** ** **** **** the **********. ** *** ************, **** ****** *** ** ******** to ** ** ********* ** *** ******** (****** **** *****) while ****** *** *** ***** ****** ********** **** ******** ** the *************’* **********.

Brian Rhodes

IPVMU Certified | In reply to Keefe Lovgren | 09/25/15 09:44pm

***********. ****** *** ******** ** **!

Undisclosed #2

09/25/15 09:59pm

*** *******, **** *****'* ****** ****, * **** ***** **** any **** ** *** **** **** ******** **** **** *** authorized ***.

* ***** *** **** ***** **** **** ****** *** ******** as ****, ** *** ****** **, ******* ** ***** ** meet ****. ******* **** ** ********* ** ******* ******.

********* **** *** *******/*********** ****** *** **** *** ******** *** the ***** ****. ***** ****** ******* * ******** *** *** length ** **** ******* *** *****/******** ********** ** **** * imagine ** * ********* *** **********.

** ****** **** **** **** ***** **** ***** ******* *******, but *** **** *** ****** ******* ******** ******** ********** **** 4G ** *** ***.

Ethan Ace

IPVM | 09/25/15 10:04pm

********* **** *** *******/*********** ****** *** **** *** ******** *** the ***** ****. ***** ****** ******* * ******** *** *** length ** **** ******* *** *****/******** ********** ** **** * imagine ** * ********* *** **********.
** ****** **** **** **** ***** **** ***** ******* *******, but *** **** *** ****** ******* ******** ******** ********** **** 4G ** *** ***.

**** ** *** **** **** **** **** ***** **** ******* systems? **** *****?

Undisclosed #2

In reply to Ethan Ace | 09/26/15 12:43am

* ******* ***** *** ** ***** **** **** ** ************* in ***** ******* ***** ***** ******** *** ** ******** ** cloud ******* **************.

*** * *** *** **** ** ** ****** ****** ** the **** ** **** * **** *******'* ****** ******* *********** are ****** *******.

** *** *** *******, **** *********** ***** ** ** ******** new ***** *** ****.

Wayne Jared

09/27/15 04:53pm

********' ****** ********** *** ******** ** **** **** *** **** that ***** *** * ****** *** ** *** * ********** for ****** ******* **** **** *********** *** *** ****/****** ***********, we ***** **'* ***** **** ***** *** ****** **.

*** ******* ****** *** *** ** * '****** ******', *** it's **** **** ** *** **** ** ********* *** **** the *** ****. ***, ****'* *** **** ** **, **'** been **** ******* ** **** **** **** *** ********** ** secure **** **** ** ********** *********** *** **** **** ** the ***** ** ** ****** ** *******. **** ****** ********** the ***** *****'* **** *** ** ** * ****** ******, it **** ***** *** ** ******* * ********** ** *** system *** *** *** ****** ** *** *** ******** ******. I ***** ******* ***** *** **** ********* ******* ** ****.

*** ************* ****** ** ********, ** ** ******** ************, *** can ****** ** **** **** ***** *** ******** ** *** limit **** ** **** ********* ** *** ******** (**** ******), and ****** * ****** **, ******** **** ** ***** ****** from ********. ** *** ***** ******** **'** ********** ** ****, this **** ** ****** **** **** *** ****** ** ******.

**** *****'* **** *** **** **** **** ********, *** ** need ** *** ****** ** *********** ****, ** **** *** can ********* *** ***** ** ***** ************* ******* *** ******** mobile ********** *** - **** ****, ***** **, ******, ***. via *** ***** ******, **** ** ***** ** ***** *** certified **** ** ********.

John Honovich

IPVM | In reply to Wayne Jared | 09/27/15 05:09pm

"**** ****** ********** *** ***** *****'* **** *** ** ** a ****** ******, ** **** ***** *** ** ******* * credential ** *** ****** *** *** *** ****** ** *** the ******** ******."

*****, *** **** ******** ****** **** *** ****** **? ** other *****, ** * ** ** ******** ** * ******* who **** ******** *** *** ****** ********** ******* ** ** phone. * ***'* ** ** ******?

Wayne Jared

In reply to John Honovich | 09/28/15 02:27am

****,

**'* * *** ***** ********* *** ** *********. '********* ******' typically ***** * ****** ******, ******* **** *** ********** ********. But **** **** ***** *** **** ******* *** **** ** effectively *********. ** (*** *'* ***** ******** ****) **** **** someone ******** *** ********* ****** *** **** ** *** ** knowing *** ******** **** ******* *** ****. ** ********* ****** in **** ******* ** *** ****** **** ******. ***** *** been ***** ****** ** *** ** *** *********** (*** *****) on ******* ******* * ********** **** **** ********* ******* ***** door ** * ******, ** *** ****** ** ****** ***** a ******** ****** ********* ***** ** *************.

**** *** ***** **** ** * **********, **** * ********** is *********, *** ****** ** ******* ***** ** *** *******. i.e. '**** **** **** ****** ** **** **** ** **** time?'. **** *******/***** ** ****** ** *** **** *** **** through *** ****, ** ** ***** *** ********* ***** **********. There ** ******* ** *** ***** ** ***** ****** *** credential. ********* ** ******** *******'* *********** ** ********* *** ****'* on ***** ********** ******* ******** *** ** ** *********** ******* any **** ** **** ** **** ******** ** *** **********.

** **** **** ****** ******* ** *** **** **** ** one *** ***: **** ***** ** ****** ********** **** ** rights ** *** **** *** ******** *** ********* ** ****** to ******* *** ******* ** *** ****** ***** **** *** their **********. **** ** ***'* ***** *** **********-**** ******** **** it.

John Honovich

IPVM | In reply to Wayne Jared | 09/28/15 11:31am

*****, * ***** ***'* ********** **** *** *** ******** ** do. *** ** *** ****** **** *** ****** *** '********* unlocks' * **** ***** * ****** ********** ** ** *** door ** **** ***** ****?

Undisclosed #2

In reply to John Honovich | 09/28/15 03:30pm

*** ** *** ****** **** *** ****** *** '********* *******' a **** ***** * ****** ********** ** ** *** **** at **** ***** ****?

****, **'* ****** **** ****** ********** *****'* ** * "********* unlock".

*******, *** ****** **** * ************ ****, **** ** ***** with * **** ****, *** **** ********** ***** **** *** credenditial **** **** *** ***** ** *** ** *** ****** instead ** *** ******.

* "********* ******" **** *** ********** ********, ** *** ***** hand, **** **** *** ******** *** ******** ********* *** ******, not *** ** *** ****** ***. ** **** **** *** require **** *** ****** *** ********** ******* ****** ****** ** granted ** *** *********.It's * **** ******** "****-**".

******* ****** ****** "******* **** *** ****** *** '********* *******' is ** *** **** ** **** ***** ****.", ***** **** using *** ****** ******* *** ***** ** ******** ****** *** world, ***

**** *******/***** ** ****** ** *** **** *** **** ******* the ****,or ** ***** *** ********* ***** **********.

**;**

'********* ******' **** **** *** ******** ********** *** ****** *** does *** ******* *** ****** ********* ******* ****** ****** ** granted ** *** ****** *********. ** "** *** ** ******* who" ** **** ****.

****** ********** **** *** ****** ********** *** ****** *** ******* they **** ********* * ***** **********. **** *** **** ** least *** ********* *** ******** *******, ****** *** ***'* ** sure **** *** ******** ** *** **** ** ****** **** the **** ** *** ******.

Brad Silvernail

09/27/15 04:59pm

********** - ** *** * ***** ******. ** ***** ***** Mobile **** ** ****** *********. * ***** *** ******** ** very ********** *** ******* ** *** * *******. *** ***** performance *** ****** ************* - ****** ** ***. ****, *** entry ** *** ******** *** ******** **** *** ** ******.

**** ** ***** ** ** ******** - ***. ********* ******* for *****-****** ********** - **** ** ***** - ***** *** having ** *** *** **** * ******** ****** ***** ** beneficial. ** ******* ** ***** *******. ***** *** ***** ********* with "******" ******** ********, ***** **** *** ***-******* ******* ** available.

*** ******* * **** ** *** ****** ** ***** *** and ********* ** ** ***** *** *** **** - **** one **** ******* ******.

* ***** ***** * ***** ************ ** **** ***** ** the ****** ***** ** ****'* **** *** **** ******* ** all *** *****!

Undisclosed #2

In reply to Brad Silvernail | 09/27/15 05:04pm

**** ** ***** ** ** ******** - ***. ********* ******* for *****-****** ********** - **** ** ***** - ***** *** having ** *** *** **** * ******** ****** ***** ** beneficial. ** ******* ** ***** ******.

******* ******* ** ***** **** *** ***-***** ******* *:**** *** 1:30PM ** ***********.

Bill Sowar

In reply to Undisclosed #2 | 09/30/15 04:31pm

**** ******** **** **** ******** **** *****/******** *********. *** ** someone ***** ** *** *'* *** ****** ** ******** * can **** ** *** ****** ***, ****** ** ***** **** are ******** ** *** **** *** *** **** ** ** not. (* ***** **** **** **** ** ***** ****** ** limit *********** *** ***- *******)

- **** **** *** *** ********* *** **** *****/******/***** ** they **** ***** *** *** ****.

- ********** ****** ** ** ****** *** * ***********. ** I ** ** ***** ** ** * ****** ** **** to **** * **** ** *****. *** **** **** *** opened *** ****, ** ***** ** ***** ** ***** ***** if ****** *** **** ******** ******* ***** *** **** *** world.

Login to read this IPVM report.

Why do I need to log in?

IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Most Recent Industry Reports

Uniview Recorder Backdoor Examined on Oct 20, 2017

A Chinese research group has identified a vulnerability in Uniview recorders that allows backdoor access in a method similar to the Dahua...

Hikvision Access Control Tested on Oct 19, 2017

Hikvision aggressive pricing and marketing combined with generally reliable hardware and free software has made them a major player in video...

Verkada, Silicon Valley VSaaS Startup, Targets Enterprise on Oct 19, 2017

Verkada says they are building an enterprise-class VSaaS offering, calling it "The new platform for video security". This is a departure from the...

Exacq Unbreaks Avigilon Integration on Oct 18, 2017

For nearly 4 years, Exacq had broken and effectively blocked use with Avigilon cameras, as IPVM reported in January 2014. Now, Exacq has...

Search More Important Than Live Monitoring - Statistics on Oct 18, 2017

Search is overall more important than live monitoring to integrators, according to new IPVM statistics. The key themes found in integrator...

Axis 'Sold Out' P3707-PVE Multi-Imager Tested on Oct 18, 2017

Axis faced significant product shortages over the summer. Perhaps the most notorious and significantly sold out model was the Axis P3707-PE 8MP...

Dahua Removes Auto Rebooting on Oct 17, 2017

For years, Dahua has automatically programmed its IP cameras to reboot weekly, a highly atypical and questionable practice. Following IPVM...

Deep Learning Tutorial For Video Surveillance on Oct 17, 2017

Deep learning is a growing buzzword within physical security and video surveillance. But what is 'deep learning'? In this tutorial, we explain...

Multipoint Lock Access Control Tutorial on Oct 17, 2017

Doors are notoriously weak at stopping entry, and money can be misspent on wrong locks that leave doors quite vulnerable. While closed and locked...

Brivo Mobile Pass Opens Any Door by Smartphone

Comments (31)

Billy Guthrie

Undisclosed #1

Brian Rhodes

John Honovich

Undisclosed #1

John Honovich

Vlad Craciunescu

Undisclosed Integrator #3

Undisclosed #2

John Honovich

Undisclosed #2

Brian Rhodes

John Honovich

Undisclosed #2

Keefe Lovgren

John Honovich

Brian Rhodes

Keefe Lovgren

Keefe Lovgren

Brian Rhodes

Undisclosed #2

Ethan Ace

Undisclosed #2

Wayne Jared

John Honovich

Wayne Jared

John Honovich

Undisclosed #2

Brad Silvernail

Undisclosed #2

Bill Sowar

Login to read this IPVM report.

Most Recent Industry Reports

Member Login