Brivo Mobile Pass Opens Any Door by Smartphone

Author: Brian Rhodes, Published on Sep 25, 2015

One of the major trends in access control are 'mobile' credentials.

NFC and BLE have been fighting for the title but neither has really has taken off.

Now, Brivo has announced a new way of doing this that sidesteps the hassle, and claims to work with any door, any reader, and the majority of all smartphones in seconds.

In this note, we examine Brivo Mobile Pass, explaining how it works, what it costs and what potential security risks it has.

*** ** *** ***** ****** ** ****** ******* *** '******' ***********.

*** *** ******* **** ******** *** *** ***** *** ******* *** ****** has ***** ***.

***, ***** *** ********* * *** *** ** ***** **** that ********* *** ******, *** ****** ** **** **** *** door, *** ******, *** *** ******** ** *** *********** ** seconds.

** **** ****, ** ******* ***** ****** ****, ********** *** ** *****, **** ** ***** *** **** potential ******** ***** ** ***.

[***************]

No ****** ******

****** ***** ****** *********** **** ******* ******* ******* *** ******** smartphones, ***** **** ***** * ***** **** ******** ***** ********** app.

***** ****** ***** **** ***** ****** ** ******** *** ***, connecting ** *** **** ********** ******* *****'* ***** *******, *** essentially ******* *** '****** ******' ******* ** *** **** ******* the *** *********. **** **** ** ** **** ********* ** operator ******* *** *** *********** ** ******* / ***** ** any ********** ****.

** **** ***, *** **** ******** *** ****** *** ***** entirely *** **** ********** ******* *** ********** ******** *******.

App ***** ********

*** ***** ***** ***** ***** *** ***** ********:

************

*** ******** **** ***** **** *****'****** ******* **.* ******* *** *** *** ***** *******.

***** ****** ******

************** *** ****** * ****** **** ** ** ********** **********. Passes are ******* **** ****** ** ***** ** *** ******, *** users *** ***** ***** ***** ** ******** ** ****** **** if **********. * ****** **** ** **** *** *** ****** of *****, *** *** ** ********* ** **** **** ** certain ***** ** ** ************* *****. *******, **** **** * mobile **** ** ****** (** *** ** ***** ****** **** Brivo's ********** ********), ** ******** * ****.

*********** ****

***** **** ****** ****** **** ** ********* ** *** *** ******* operating ******* *** *** ***** ****** ******* **** *******, ****, etc.

Mobile **** **** **********

***** ***** ****** ***** **** * '****' ****** ******. ********** passes *** ********* ** $** *** ***. ***** **** **** ** effectively ~** ***** *** ****, **** ** ****** *********** ********** compared ** ******* ****** ***** ***** *** *** ** **** **** the ****** ****.

******** *****

****** ****'* ******* **** ** *** **** **** *** **** to ** **** * **** ** ****** **, ****** *** and ***. *** *******, **** *****'* ****** ****, * **** could **** *** **** ** *** **** **** ******** **** they *** ********** ***, ********** ** *** *** **** **** are. ******* **** ******* ************* ** ** *******, *** ******* that ************ *********** *** **** ********** ****** ** * ********** risk.

*** ****** *** ** ***** **** ** *** ****** *** to ******* ***** ** ****** ***** ** *** ****, *** is ******** ** *** ** *****-******* ******* **** ********. ***** says **** *** ******* ** ****:

"** *** **** *******, ***** ****** **** **** *********** ********** ******** ***** *** ******* *** ****** user ** ** ****** * ********* ******** ** *** **** (***** GPS) ** ** *** ***** **** *******. "

*******, ***** **** ** *****, ***** ****** ** ********.

*** ***** **** ** *** ***** *** ** *** **** a ******** *** ***** *****. ** **** *****, ****** ******* ** ******** those ***** ***** **** *** ***** ****** *** *** ****** *** door **** ***** *** **** **********.

****

Comments (31)

Billy Guthrie

09/25/15 05:58pm

** ******** **** ** ******* **** * ********** *** ** (Card ******) ********** ***********, * ***** **** *** *** ** the ********** ** ******* ***** **** *** *****. *********** *** alongside * ********* ****** ***** ** *** **** ** ** opinion. ***********, *** ***** ******* ** *** ** *** ***** that ***** ** ************* ****** *** ********** *******. *** *** would **** *** **** ****** *** ******* ** ** * CA **********. **** ** ***** ** *** *** *******, *** phone ***** **** *** *******; **** ********* * ****** ** inches ** *** ****** ** ***** *** ******** ****** ******** were ** ** ******** **** **** ** -**** ** ***** transmit *** ** ********** ********* *** ***.

Undisclosed #1

09/25/15 06:22pm

********** ****** *** ********* ** $** *** ***. ***** **** this ** *********** ~** ***** *** ****, **** ** ****** inexpensive ********** ******** ** ******* ****** ***** ***** *** *** or **** **** *** ****** ****.

** ***** *** *** **** ** **** ** "***********", ** "rather ****** *** ******** ** ***** ****".

Brian Rhodes

IPVMU Certified | In reply to Undisclosed #1 | 09/25/15 06:27pm

***** *** *****.

John Honovich

IPVM | In reply to Undisclosed #1 | 09/25/15 07:12pm

****** **, **** **** ******* **** **** ******** *** ****? :)

Undisclosed #1

In reply to John Honovich | 09/25/15 08:21pm

****** **, **** **** ******* **** **** ******** *** ****? :)

***.

*** *** ****** ******** ** ****.

*** ******* ****** ******** ** ****.

*** ****** *** ** ****.

*** ****** ******* ******* ** ****.

*** *****-***** ****** *** ******** ***** ** ****.

John Honovich

IPVM | In reply to Undisclosed #1 | 09/25/15 08:25pm

"** ****"

*** ** ******* ****. "** ******** ** *** ***** ** the ******** *******."

** *** ***********, ******** ***** ******* *** ******** **** ******** physical ******* (** **** * ****) ** **********.

Vlad Craciunescu

09/25/15 06:24pm

***** ** **** ****** ****** *********** ***** **** **** *** *** *** , *** **** sell * ****** *** ****, ****** *** **** ********* ***...** just ******* **** **** *** ** ***** **** ** ***.

Undisclosed Integrator #3

In reply to Vlad Craciunescu | 09/26/15 01:05am

****** *** **** ** ******

Undisclosed #2

09/25/15 08:10pm

***, ***** *** ********* * *** *** ** ***** **** that ********* *** ******, *** ****** ** **** **** *** door,any ******, and the majority of all smartphones in seconds.

*** ******, ** **** *** **** **** *** ******* ********** into *****?

John Honovich

IPVM | In reply to Undisclosed #2 | 09/25/15 08:13pm

"*** ******** **** ***** **** *****'****** ******* **.******** *** *** *** ***** *******."

Undisclosed #2

In reply to John Honovich | 09/25/15 09:36pm

* ****'* **** ***** **** * ******.

Brian Rhodes

IPVMU Certified | In reply to Undisclosed #2 | 09/25/15 09:39pm

****** **** *****'* *** * ****** ** ****.

John Honovich

IPVM | In reply to Undisclosed #2 | 09/25/15 09:40pm

*** ****** ****** ** ********** ****. ****'* *** *****.

Undisclosed #2

In reply to John Honovich | 09/25/15 09:44pm

****** ****.

** **** ***, *** **** ******** *** ****** *** ***** entirely *** **** ********** ******* *** ********** ******** *******.

Keefe Lovgren

IPVMU Certified | 09/25/15 08:58pm

* ** ****** ********* ** *** ******* ** *** ****, over **** **** **** ****** ********** ** * *** **** is ***********. * ***** ** ******* ** **** *** **** people **** ** ** * *** **** **. **** ****.

*********** *** **** ** * ******* *** **** **** *** and ** **** ******* ***** **** ******* ** *** **** it...

John Honovich

IPVM | In reply to Keefe Lovgren | 09/25/15 09:02pm

*****, **** ********!

*****'* **** ** ***** ** *** ** *** ***** ** be ************* **********. ** *** **** **** *** ** ***** split *** ******* **** ***** **** *********** **** **** *** 50 - ** *****.

Brian Rhodes

IPVMU Certified | In reply to Keefe Lovgren | 09/25/15 09:08pm

****** *****. ******* ** ** **** ** *****, *** **** the ******** ********, *** **** ** ** ****** ** * local **** ******* **** *** *********** *** **** **, *****?

*** ***** ******** **** *** **** ****/ **** * ******** network ***** *** ********** ****** **** ** '*** *****', *** on * ***** ******.

Keefe Lovgren

IPVMU Certified | In reply to Brian Rhodes | 09/25/15 09:27pm

*****,

** *** ** ****** *** ** ***. * ********** **** only ***** ********* ** *** ****** *** ***** ***** **** have *** ** *** ****** *** *****.

Keefe Lovgren

IPVMU Certified | In reply to Keefe Lovgren | 09/25/15 09:31pm

**** *********** ****** ********** ****:

****** ********** ***** **** ******** *******-* ****** *.* (** ******) software ** ******* * ********** ***** ********** **** *** ** used ** *** ** *** **** ** * ****** ** person *****. ****** ** ********* *** ********** ** ** *** corporate ******* ******** *** ****, **** ********* ********* ** *** building, ** *** *** ******** ********** ******** *** ** ****** Credential **** ******** * **** ********** *** ** **** **** the **********. ** *** ************, **** ****** *** ** ******** to ** ** ********* ** *** ******** (****** **** *****) while ****** *** *** ***** ****** ********** **** ******** ** the *************’* **********.

Brian Rhodes

IPVMU Certified | In reply to Keefe Lovgren | 09/25/15 09:44pm

***********. ****** *** ******** ** **!

Undisclosed #2

09/25/15 09:59pm

*** *******, **** *****'* ****** ****, * **** ***** **** any **** ** *** **** **** ******** **** **** *** authorized ***.

* ***** *** **** ***** **** **** ****** *** ******** as ****, ** *** ****** **, ******* ** ***** ** meet ****. ******* **** ** ********* ** ******* ******.

********* **** *** *******/*********** ****** *** **** *** ******** *** the ***** ****. ***** ****** ******* * ******** *** *** length ** **** ******* *** *****/******** ********** ** **** * imagine ** * ********* *** **********.

** ****** **** **** **** ***** **** ***** ******* *******, but *** **** *** ****** ******* ******** ******** ********** **** 4G ** *** ***.

Ethan Ace

IPVM | 09/25/15 10:04pm

********* **** *** *******/*********** ****** *** **** *** ******** *** the ***** ****. ***** ****** ******* * ******** *** *** length ** **** ******* *** *****/******** ********** ** **** * imagine ** * ********* *** **********.
** ****** **** **** **** ***** **** ***** ******* *******, but *** **** *** ****** ******* ******** ******** ********** **** 4G ** *** ***.

**** ** *** **** **** **** **** ***** **** ******* systems? **** *****?

Undisclosed #2

In reply to Ethan Ace | 09/26/15 12:43am

* ******* ***** *** ** ***** **** **** ** ************* in ***** ******* ***** ***** ******** *** ** ******** ** cloud ******* **************.

*** * *** *** **** ** ** ****** ****** ** the **** ** **** * **** *******'* ****** ******* *********** are ****** *******.

** *** *** *******, **** *********** ***** ** ** ******** new ***** *** ****.

Wayne Jared

09/27/15 04:53pm

********' ****** ********** *** ******** ** **** **** *** **** that ***** *** * ****** *** ** *** * ********** for ****** ******* **** **** *********** *** *** ****/****** ***********, we ***** **'* ***** **** ***** *** ****** **.

*** ******* ****** *** *** ** * '****** ******', *** it's **** **** ** *** **** ** ********* *** **** the *** ****. ***, ****'* *** **** ** **, **'** been **** ******* ** **** **** **** *** ********** ** secure **** **** ** ********** *********** *** **** **** ** the ***** ** ** ****** ** *******. **** ****** ********** the ***** *****'* **** *** ** ** * ****** ******, it **** ***** *** ** ******* * ********** ** *** system *** *** *** ****** ** *** *** ******** ******. I ***** ******* ***** *** **** ********* ******* ** ****.

*** ************* ****** ** ********, ** ** ******** ************, *** can ****** ** **** **** ***** *** ******** ** *** limit **** ** **** ********* ** *** ******** (**** ******), and ****** * ****** **, ******** **** ** ***** ****** from ********. ** *** ***** ******** **'** ********** ** ****, this **** ** ****** **** **** *** ****** ** ******.

**** *****'* **** *** **** **** **** ********, *** ** need ** *** ****** ** *********** ****, ** **** *** can ********* *** ***** ** ***** ************* ******* *** ******** mobile ********** *** - **** ****, ***** **, ******, ***. via *** ***** ******, **** ** ***** ** ***** *** certified **** ** ********.

John Honovich

IPVM | In reply to Wayne Jared | 09/27/15 05:09pm

"**** ****** ********** *** ***** *****'* **** *** ** ** a ****** ******, ** **** ***** *** ** ******* * credential ** *** ****** *** *** *** ****** ** *** the ******** ******."

*****, *** **** ******** ****** **** *** ****** **? ** other *****, ** * ** ** ******** ** * ******* who **** ******** *** *** ****** ********** ******* ** ** phone. * ***'* ** ** ******?

Wayne Jared

In reply to John Honovich | 09/28/15 02:27am

****,

**'* * *** ***** ********* *** ** *********. '********* ******' typically ***** * ****** ******, ******* **** *** ********** ********. But **** **** ***** *** **** ******* *** **** ** effectively *********. ** (*** *'* ***** ******** ****) **** **** someone ******** *** ********* ****** *** **** ** *** ** knowing *** ******** **** ******* *** ****. ** ********* ****** in **** ******* ** *** ****** **** ******. ***** *** been ***** ****** ** *** ** *** *********** (*** *****) on ******* ******* * ********** **** **** ********* ******* ***** door ** * ******, ** *** ****** ** ****** ***** a ******** ****** ********* ***** ** *************.

**** *** ***** **** ** * **********, **** * ********** is *********, *** ****** ** ******* ***** ** *** *******. i.e. '**** **** **** ****** ** **** **** ** **** time?'. **** *******/***** ** ****** ** *** **** *** **** through *** ****, ** ** ***** *** ********* ***** **********. There ** ******* ** *** ***** ** ***** ****** *** credential. ********* ** ******** *******'* *********** ** ********* *** ****'* on ***** ********** ******* ******** *** ** ** *********** ******* any **** ** **** ** **** ******** ** *** **********.

** **** **** ****** ******* ** *** **** **** ** one *** ***: **** ***** ** ****** ********** **** ** rights ** *** **** *** ******** *** ********* ** ****** to ******* *** ******* ** *** ****** ***** **** *** their **********. **** ** ***'* ***** *** **********-**** ******** **** it.

John Honovich

IPVM | In reply to Wayne Jared | 09/28/15 11:31am

*****, * ***** ***'* ********** **** *** *** ******** ** do. *** ** *** ****** **** *** ****** *** '********* unlocks' * **** ***** * ****** ********** ** ** *** door ** **** ***** ****?

Undisclosed #2

In reply to John Honovich | 09/28/15 03:30pm

*** ** *** ****** **** *** ****** *** '********* *******' a **** ***** * ****** ********** ** ** *** **** at **** ***** ****?

****, **'* ****** **** ****** ********** *****'* ** * "********* unlock".

*******, *** ****** **** * ************ ****, **** ** ***** with * **** ****, *** **** ********** ***** **** *** credenditial **** **** *** ***** ** *** ** *** ****** instead ** *** ******.

* "********* ******" **** *** ********** ********, ** *** ***** hand, **** **** *** ******** *** ******** ********* *** ******, not *** ** *** ****** ***. ** **** **** *** require **** *** ****** *** ********** ******* ****** ****** ** granted ** *** *********.It's * **** ******** "****-**".

******* ****** ****** "******* **** *** ****** *** '********* *******' is ** *** **** ** **** ***** ****.", ***** **** using *** ****** ******* *** ***** ** ******** ****** *** world, ***

**** *******/***** ** ****** ** *** **** *** **** ******* the ****,or ** ***** *** ********* ***** **********.

**;**

'********* ******' **** **** *** ******** ********** *** ****** *** does *** ******* *** ****** ********* ******* ****** ****** ** granted ** *** ****** *********. ** "** *** ** ******* who" ** **** ****.

****** ********** **** *** ****** ********** *** ****** *** ******* they **** ********* * ***** **********. **** *** **** ** least *** ********* *** ******** *******, ****** *** ***'* ** sure **** *** ******** ** *** **** ** ****** **** the **** ** *** ******.

Brad Silvernail

09/27/15 04:59pm

********** - ** *** * ***** ******. ** ***** ***** Mobile **** ** ****** *********. * ***** *** ******** ** very ********** *** ******* ** *** * *******. *** ***** performance *** ****** ************* - ****** ** ***. ****, *** entry ** *** ******** *** ******** **** *** ** ******.

**** ** ***** ** ** ******** - ***. ********* ******* for *****-****** ********** - **** ** ***** - ***** *** having ** *** *** **** * ******** ****** ***** ** beneficial. ** ******* ** ***** *******. ***** *** ***** ********* with "******" ******** ********, ***** **** *** ***-******* ******* ** available.

*** ******* * **** ** *** ****** ** ***** *** and ********* ** ** ***** *** *** **** - **** one **** ******* ******.

* ***** ***** * ***** ************ ** **** ***** ** the ****** ***** ** ****'* **** *** **** ******* ** all *** *****!

Undisclosed #2

In reply to Brad Silvernail | 09/27/15 05:04pm

**** ** ***** ** ** ******** - ***. ********* ******* for *****-****** ********** - **** ** ***** - ***** *** having ** *** *** **** * ******** ****** ***** ** beneficial. ** ******* ** ***** ******.

******* ******* ** ***** **** *** ***-***** ******* *:**** *** 1:30PM ** ***********.

Bill Sowar

In reply to Undisclosed #2 | 09/30/15 04:31pm

**** ******** **** **** ******** **** *****/******** *********. *** ** someone ***** ** *** *'* *** ****** ** ******** * can **** ** *** ****** ***, ****** ** ***** **** are ******** ** *** **** *** *** **** ** ** not. (* ***** **** **** **** ** ***** ****** ** limit *********** *** ***- *******)

- **** **** *** *** ********* *** **** *****/******/***** ** they **** ***** *** *** ****.

- ********** ****** ** ** ****** *** * ***********. ** I ** ** ***** ** ** * ****** ** **** to **** * **** ** *****. *** **** **** *** opened *** ****, ** ***** ** ***** ** ***** ***** if ****** *** **** ******** ******* ***** *** **** *** world.

Login to read this IPVM report.

Why do I need to log in?

IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Most Recent Industry Reports

Avigilon New COO James Henderson Profile on May 23, 2017

It has been nearly 2 years since the infamous Bryan Schmode 'resigned' as Avigilon COO. Now, Avigilon once again has a COO, promoting James...

Aura's 'Invisible Ripple' Next Gen Intrusion Detection Tested on May 22, 2017

Aura Home is a startup intrusion detection system, but it claims new, high-tech sensing that monitors the 'invisible ripples' movement creates,...

Pelco Shutting Down Clovis Line, Laying Off 200 on May 22, 2017

Pelco's Clovis facility once turned out some of the industry's most popular products. Now, the facility is mostly building "obsolete" equipment,...

IP Camera - 15 Year Shootout on May 22, 2017

How far have IP cameras come? We bought and tested 4 cameras across the past 15 years to understand how much and where performance has...

Remote Video Monitoring Providers Directory on May 19, 2017

Remote video monitoring can help integrators generate RMR plus end users lower their security costs and/or improve response to critical...

Axis Criticizes OEMs: "When You Buy An Axis Camera, An Axis Camera Is What You Get!" on May 19, 2017

When you buy a Honeywell camera, you likely get a Hikvision, Dahua or some other company's product. The same goes for easily 100 different...

Hackable 125kHz Access Control Migration Guide on May 19, 2017

Despite being one of the most popular credentials, 125 kHz credentials are easily copied and insecure as we showed in our test results, video...

Forget The Backdoor, "ALL HIKVISION PRODUCTS" On Sale on May 18, 2017

Less than 2 weeks after the Hikvision Backdoor was confirmed, Hikvision has launched a sale "ON ALL HIKVISION PRODUCTS". In this note, we examine...

Amazon Techs Installing IP Cameras Tested on May 18, 2017

In 2015, Amazon started offering video surveillance installation. Now, Amazon has made it a lot easier, with automatic add-on options and...

Brivo Mobile Pass Opens Any Door by Smartphone

Comments (31)

Billy Guthrie

Undisclosed #1

Brian Rhodes

John Honovich

Undisclosed #1

John Honovich

Vlad Craciunescu

Undisclosed Integrator #3

Undisclosed #2

John Honovich

Undisclosed #2

Brian Rhodes

John Honovich

Undisclosed #2

Keefe Lovgren

John Honovich

Brian Rhodes

Keefe Lovgren

Keefe Lovgren

Brian Rhodes

Undisclosed #2

Ethan Ace

Undisclosed #2

Wayne Jared

John Honovich

Wayne Jared

John Honovich

Undisclosed #2

Brad Silvernail

Undisclosed #2

Bill Sowar

Login to read this IPVM report.

Most Recent Industry Reports

Member Login