Brivo Mobile Pass Opens Any Door by Smartphone

Author: Brian Rhodes, Published on Sep 25, 2015

One of the major trends in access control are 'mobile' credentials.

NFC and BLE have been fighting for the title but neither has really has taken off.

Now, Brivo has announced a new way of doing this that sidesteps the hassle, and claims to work with any door, any reader, and the majority of all smartphones in seconds.

In this note, we examine Brivo Mobile Pass, explaining how it works, what it costs and what potential security risks it has.

*** ** *** ***** ****** ** ****** ******* *** '******' ***********.

*** *** ******* **** ******** *** *** ***** *** ******* *** ****** has ***** ***.

***, ***** *** ********* * *** *** ** ***** **** that ********* *** ******, *** ****** ** **** **** *** door, *** ******, *** *** ******** ** *** *********** ** seconds.

** **** ****, ** ******* ***** ****** ****, ********** *** ** *****, **** ** ***** *** **** potential ******** ***** ** ***.

[***************]

No ****** ******

****** ***** ****** *********** **** ******* ******* ******* *** ******** smartphones, ***** **** ***** * ***** **** ******** ***** ********** app.

***** ****** ***** **** ***** ****** ** ******** *** ***, connecting ** *** **** ********** ******* *****'* ***** *******, *** essentially ******* *** '****** ******' ******* ** *** **** ******* the *** *********. **** **** ** ** **** ********* ** operator ******* *** *** *********** ** ******* / ***** ** any ********** ****.

** **** ***, *** **** ******** *** ****** *** ***** entirely *** **** ********** ******* *** ********** ******** *******.

App ***** ********

*** ***** ***** ***** ***** *** ***** ********:

************

*** ******** **** ***** **** *****'****** ******* **.* ******* *** *** *** ***** *******.

***** ****** ******

************** *** ****** * ****** **** ** ** ********** **********. Passes are ******* **** ****** ** ***** ** *** ******, *** users *** ***** ***** ***** ** ******** ** ****** **** if **********. * ****** **** ** **** *** *** ****** of *****, *** *** ** ********* ** **** **** ** certain ***** ** ** ************* *****. *******, **** **** * mobile **** ** ****** (** *** ** ***** ****** **** Brivo's ********** ********), ** ******** * ****.

*********** ****

***** **** ****** ****** **** ** ********* ** *** *** ******* operating ******* *** *** ***** ****** ******* **** *******, ****, etc.

Mobile **** **** **********

***** ***** ****** ***** **** * '****' ****** ******. ********** passes *** ********* ** $** *** ***. ***** **** **** ** effectively ~** ***** *** ****, **** ** ****** *********** ********** compared ** ******* ****** ***** ***** *** *** ** **** **** the ****** ****.

******** *****

****** ****'* ******* **** ** *** **** **** *** **** to ** **** * **** ** ****** **, ****** *** and ***. *** *******, **** *****'* ****** ****, * **** could **** *** **** ** *** **** **** ******** **** they *** ********** ***, ********** ** *** *** **** **** are. ******* **** ******* ************* ** ** *******, *** ******* that ************ *********** *** **** ********** ****** ** * ********** risk.

*** ****** *** ** ***** **** ** *** ****** *** to ******* ***** ** ****** ***** ** *** ****, *** is ******** ** *** ** *****-******* ******* **** ********. ***** says **** *** ******* ** ****:

"** *** **** *******, ***** ****** **** **** *********** ********** ******** ***** *** ******* *** ****** user ** ** ****** * ********* ******** ** *** **** (***** GPS) ** ** *** ***** **** *******. "

*******, ***** **** ** *****, ***** ****** ** ********.

*** ***** **** ** *** ***** *** ** *** **** a ******** *** ***** *****. ** **** *****, ****** ******* ** ******** those ***** ***** **** *** ***** ****** *** *** ****** *** door **** ***** *** **** **********.

****

Comments (31)

Billy Guthrie

09/25/15 05:58pm

** ******** **** ** ******* **** * ********** *** ** (Card ******) ********** ***********, * ***** **** *** *** ** the ********** ** ******* ***** **** *** *****. *********** *** alongside * ********* ****** ***** ** *** **** ** ** opinion. ***********, *** ***** ******* ** *** ** *** ***** that ***** ** ************* ****** *** ********** *******. *** *** would **** *** **** ****** *** ******* ** ** * CA **********. **** ** ***** ** *** *** *******, *** phone ***** **** *** *******; **** ********* * ****** ** inches ** *** ****** ** ***** *** ******** ****** ******** were ** ** ******** **** **** ** -**** ** ***** transmit *** ** ********** ********* *** ***.

Undisclosed #1

09/25/15 06:22pm

********** ****** *** ********* ** $** *** ***. ***** **** this ** *********** ~** ***** *** ****, **** ** ****** inexpensive ********** ******** ** ******* ****** ***** ***** *** *** or **** **** *** ****** ****.

** ***** *** *** **** ** **** ** "***********", ** "rather ****** *** ******** ** ***** ****".

Brian Rhodes

IPVMU Certified | In reply to Undisclosed #1 | 09/25/15 06:27pm

***** *** *****.

John Honovich

IPVM | In reply to Undisclosed #1 | 09/25/15 07:12pm

****** **, **** **** ******* **** **** ******** *** ****? :)

Undisclosed #1

In reply to John Honovich | 09/25/15 08:21pm

****** **, **** **** ******* **** **** ******** *** ****? :)

***.

*** *** ****** ******** ** ****.

*** ******* ****** ******** ** ****.

*** ****** *** ** ****.

*** ****** ******* ******* ** ****.

*** *****-***** ****** *** ******** ***** ** ****.

John Honovich

IPVM | In reply to Undisclosed #1 | 09/25/15 08:25pm

"** ****"

*** ** ******* ****. "** ******** ** *** ***** ** the ******** *******."

** *** ***********, ******** ***** ******* *** ******** **** ******** physical ******* (** **** * ****) ** **********.

Vlad Craciunescu

09/25/15 06:24pm

***** ** **** ****** ****** *********** ***** **** **** *** *** *** , *** **** sell * ****** *** ****, ****** *** **** ********* ***...** just ******* **** **** *** ** ***** **** ** ***.

Undisclosed Integrator #3

In reply to Vlad Craciunescu | 09/26/15 01:05am

****** *** **** ** ******

Undisclosed #2

09/25/15 08:10pm

***, ***** *** ********* * *** *** ** ***** **** that ********* *** ******, *** ****** ** **** **** *** door,any ******, and the majority of all smartphones in seconds.

*** ******, ** **** *** **** **** *** ******* ********** into *****?

John Honovich

IPVM | In reply to Undisclosed #2 | 09/25/15 08:13pm

"*** ******** **** ***** **** *****'****** ******* **.******** *** *** *** ***** *******."

Undisclosed #2

In reply to John Honovich | 09/25/15 09:36pm

* ****'* **** ***** **** * ******.

Brian Rhodes

IPVMU Certified | In reply to Undisclosed #2 | 09/25/15 09:39pm

****** **** *****'* *** * ****** ** ****.

John Honovich

IPVM | In reply to Undisclosed #2 | 09/25/15 09:40pm

*** ****** ****** ** ********** ****. ****'* *** *****.

Undisclosed #2

In reply to John Honovich | 09/25/15 09:44pm

****** ****.

** **** ***, *** **** ******** *** ****** *** ***** entirely *** **** ********** ******* *** ********** ******** *******.

Keefe Lovgren

IPVMU Certified | 09/25/15 08:58pm

* ** ****** ********* ** *** ******* ** *** ****, over **** **** **** ****** ********** ** * *** **** is ***********. * ***** ** ******* ** **** *** **** people **** ** ** * *** **** **. **** ****.

*********** *** **** ** * ******* *** **** **** *** and ** **** ******* ***** **** ******* ** *** **** it...

John Honovich

IPVM | In reply to Keefe Lovgren | 09/25/15 09:02pm

*****, **** ********!

*****'* **** ** ***** ** *** ** *** ***** ** be ************* **********. ** *** **** **** *** ** ***** split *** ******* **** ***** **** *********** **** **** *** 50 - ** *****.

Brian Rhodes

IPVMU Certified | In reply to Keefe Lovgren | 09/25/15 09:08pm

****** *****. ******* ** ** **** ** *****, *** **** the ******** ********, *** **** ** ** ****** ** * local **** ******* **** *** *********** *** **** **, *****?

*** ***** ******** **** *** **** ****/ **** * ******** network ***** *** ********** ****** **** ** '*** *****', *** on * ***** ******.

Keefe Lovgren

IPVMU Certified | In reply to Brian Rhodes | 09/25/15 09:27pm

*****,

** *** ** ****** *** ** ***. * ********** **** only ***** ********* ** *** ****** *** ***** ***** **** have *** ** *** ****** *** *****.

Keefe Lovgren

IPVMU Certified | In reply to Keefe Lovgren | 09/25/15 09:31pm

**** *********** ****** ********** ****:

****** ********** ***** **** ******** *******-* ****** *.* (** ******) software ** ******* * ********** ***** ********** **** *** ** used ** *** ** *** **** ** * ****** ** person *****. ****** ** ********* *** ********** ** ** *** corporate ******* ******** *** ****, **** ********* ********* ** *** building, ** *** *** ******** ********** ******** *** ** ****** Credential **** ******** * **** ********** *** ** **** **** the **********. ** *** ************, **** ****** *** ** ******** to ** ** ********* ** *** ******** (****** **** *****) while ****** *** *** ***** ****** ********** **** ******** ** the *************’* **********.

Brian Rhodes

IPVMU Certified | In reply to Keefe Lovgren | 09/25/15 09:44pm

***********. ****** *** ******** ** **!

Undisclosed #2

09/25/15 09:59pm

*** *******, **** *****'* ****** ****, * **** ***** **** any **** ** *** **** **** ******** **** **** *** authorized ***.

* ***** *** **** ***** **** **** ****** *** ******** as ****, ** *** ****** **, ******* ** ***** ** meet ****. ******* **** ** ********* ** ******* ******.

********* **** *** *******/*********** ****** *** **** *** ******** *** the ***** ****. ***** ****** ******* * ******** *** *** length ** **** ******* *** *****/******** ********** ** **** * imagine ** * ********* *** **********.

** ****** **** **** **** ***** **** ***** ******* *******, but *** **** *** ****** ******* ******** ******** ********** **** 4G ** *** ***.

Ethan Ace

IPVM | 09/25/15 10:04pm

********* **** *** *******/*********** ****** *** **** *** ******** *** the ***** ****. ***** ****** ******* * ******** *** *** length ** **** ******* *** *****/******** ********** ** **** * imagine ** * ********* *** **********.
** ****** **** **** **** ***** **** ***** ******* *******, but *** **** *** ****** ******* ******** ******** ********** **** 4G ** *** ***.

**** ** *** **** **** **** **** ***** **** ******* systems? **** *****?

Undisclosed #2

In reply to Ethan Ace | 09/26/15 12:43am

* ******* ***** *** ** ***** **** **** ** ************* in ***** ******* ***** ***** ******** *** ** ******** ** cloud ******* **************.

*** * *** *** **** ** ** ****** ****** ** the **** ** **** * **** *******'* ****** ******* *********** are ****** *******.

** *** *** *******, **** *********** ***** ** ** ******** new ***** *** ****.

Wayne Jared

09/27/15 04:53pm

********' ****** ********** *** ******** ** **** **** *** **** that ***** *** * ****** *** ** *** * ********** for ****** ******* **** **** *********** *** *** ****/****** ***********, we ***** **'* ***** **** ***** *** ****** **.

*** ******* ****** *** *** ** * '****** ******', *** it's **** **** ** *** **** ** ********* *** **** the *** ****. ***, ****'* *** **** ** **, **'** been **** ******* ** **** **** **** *** ********** ** secure **** **** ** ********** *********** *** **** **** ** the ***** ** ** ****** ** *******. **** ****** ********** the ***** *****'* **** *** ** ** * ****** ******, it **** ***** *** ** ******* * ********** ** *** system *** *** *** ****** ** *** *** ******** ******. I ***** ******* ***** *** **** ********* ******* ** ****.

*** ************* ****** ** ********, ** ** ******** ************, *** can ****** ** **** **** ***** *** ******** ** *** limit **** ** **** ********* ** *** ******** (**** ******), and ****** * ****** **, ******** **** ** ***** ****** from ********. ** *** ***** ******** **'** ********** ** ****, this **** ** ****** **** **** *** ****** ** ******.

**** *****'* **** *** **** **** **** ********, *** ** need ** *** ****** ** *********** ****, ** **** *** can ********* *** ***** ** ***** ************* ******* *** ******** mobile ********** *** - **** ****, ***** **, ******, ***. via *** ***** ******, **** ** ***** ** ***** *** certified **** ** ********.

John Honovich

IPVM | In reply to Wayne Jared | 09/27/15 05:09pm

"**** ****** ********** *** ***** *****'* **** *** ** ** a ****** ******, ** **** ***** *** ** ******* * credential ** *** ****** *** *** *** ****** ** *** the ******** ******."

*****, *** **** ******** ****** **** *** ****** **? ** other *****, ** * ** ** ******** ** * ******* who **** ******** *** *** ****** ********** ******* ** ** phone. * ***'* ** ** ******?

Wayne Jared

In reply to John Honovich | 09/28/15 02:27am

****,

**'* * *** ***** ********* *** ** *********. '********* ******' typically ***** * ****** ******, ******* **** *** ********** ********. But **** **** ***** *** **** ******* *** **** ** effectively *********. ** (*** *'* ***** ******** ****) **** **** someone ******** *** ********* ****** *** **** ** *** ** knowing *** ******** **** ******* *** ****. ** ********* ****** in **** ******* ** *** ****** **** ******. ***** *** been ***** ****** ** *** ** *** *********** (*** *****) on ******* ******* * ********** **** **** ********* ******* ***** door ** * ******, ** *** ****** ** ****** ***** a ******** ****** ********* ***** ** *************.

**** *** ***** **** ** * **********, **** * ********** is *********, *** ****** ** ******* ***** ** *** *******. i.e. '**** **** **** ****** ** **** **** ** **** time?'. **** *******/***** ** ****** ** *** **** *** **** through *** ****, ** ** ***** *** ********* ***** **********. There ** ******* ** *** ***** ** ***** ****** *** credential. ********* ** ******** *******'* *********** ** ********* *** ****'* on ***** ********** ******* ******** *** ** ** *********** ******* any **** ** **** ** **** ******** ** *** **********.

** **** **** ****** ******* ** *** **** **** ** one *** ***: **** ***** ** ****** ********** **** ** rights ** *** **** *** ******** *** ********* ** ****** to ******* *** ******* ** *** ****** ***** **** *** their **********. **** ** ***'* ***** *** **********-**** ******** **** it.

John Honovich

IPVM | In reply to Wayne Jared | 09/28/15 11:31am

*****, * ***** ***'* ********** **** *** *** ******** ** do. *** ** *** ****** **** *** ****** *** '********* unlocks' * **** ***** * ****** ********** ** ** *** door ** **** ***** ****?

Undisclosed #2

In reply to John Honovich | 09/28/15 03:30pm

*** ** *** ****** **** *** ****** *** '********* *******' a **** ***** * ****** ********** ** ** *** **** at **** ***** ****?

****, **'* ****** **** ****** ********** *****'* ** * "********* unlock".

*******, *** ****** **** * ************ ****, **** ** ***** with * **** ****, *** **** ********** ***** **** *** credenditial **** **** *** ***** ** *** ** *** ****** instead ** *** ******.

* "********* ******" **** *** ********** ********, ** *** ***** hand, **** **** *** ******** *** ******** ********* *** ******, not *** ** *** ****** ***. ** **** **** *** require **** *** ****** *** ********** ******* ****** ****** ** granted ** *** *********.It's * **** ******** "****-**".

******* ****** ****** "******* **** *** ****** *** '********* *******' is ** *** **** ** **** ***** ****.", ***** **** using *** ****** ******* *** ***** ** ******** ****** *** world, ***

**** *******/***** ** ****** ** *** **** *** **** ******* the ****,or ** ***** *** ********* ***** **********.

**;**

'********* ******' **** **** *** ******** ********** *** ****** *** does *** ******* *** ****** ********* ******* ****** ****** ** granted ** *** ****** *********. ** "** *** ** ******* who" ** **** ****.

****** ********** **** *** ****** ********** *** ****** *** ******* they **** ********* * ***** **********. **** *** **** ** least *** ********* *** ******** *******, ****** *** ***'* ** sure **** *** ******** ** *** **** ** ****** **** the **** ** *** ******.

Brad Silvernail

09/27/15 04:59pm

********** - ** *** * ***** ******. ** ***** ***** Mobile **** ** ****** *********. * ***** *** ******** ** very ********** *** ******* ** *** * *******. *** ***** performance *** ****** ************* - ****** ** ***. ****, *** entry ** *** ******** *** ******** **** *** ** ******.

**** ** ***** ** ** ******** - ***. ********* ******* for *****-****** ********** - **** ** ***** - ***** *** having ** *** *** **** * ******** ****** ***** ** beneficial. ** ******* ** ***** *******. ***** *** ***** ********* with "******" ******** ********, ***** **** *** ***-******* ******* ** available.

*** ******* * **** ** *** ****** ** ***** *** and ********* ** ** ***** *** *** **** - **** one **** ******* ******.

* ***** ***** * ***** ************ ** **** ***** ** the ****** ***** ** ****'* **** *** **** ******* ** all *** *****!

Undisclosed #2

In reply to Brad Silvernail | 09/27/15 05:04pm

**** ** ***** ** ** ******** - ***. ********* ******* for *****-****** ********** - **** ** ***** - ***** *** having ** *** *** **** * ******** ****** ***** ** beneficial. ** ******* ** ***** ******.

******* ******* ** ***** **** *** ***-***** ******* *:**** *** 1:30PM ** ***********.

Bill Sowar

In reply to Undisclosed #2 | 09/30/15 04:31pm

**** ******** **** **** ******** **** *****/******** *********. *** ** someone ***** ** *** *'* *** ****** ** ******** * can **** ** *** ****** ***, ****** ** ***** **** are ******** ** *** **** *** *** **** ** ** not. (* ***** **** **** **** ** ***** ****** ** limit *********** *** ***- *******)

- **** **** *** *** ********* *** **** *****/******/***** ** they **** ***** *** *** ****.

- ********** ****** ** ** ****** *** * ***********. ** I ** ** ***** ** ** * ****** ** **** to **** * **** ** *****. *** **** **** *** opened *** ****, ** ***** ** ***** ** ***** ***** if ****** *** **** ******** ******* ***** *** **** *** world.

Login to read this IPVM report.

Why do I need to log in?

IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Most Recent Industry Reports

Reseting IP Cameras - 30 Manufacturer Directory on Sep 22, 2017

Every camera has a reset button (well, almost) but it is not always clear what these buttons do, how long they need to be held, what settings they...

80+ OEMs Verified Vulnerable To Hikvision Backdoor on Sep 22, 2017

Over 80 Hikvision OEM partners, including ADI, Interlogix, LTS, and Northern Video, have been verified as having products vulnerable to the...

Genetec Launches Cloud Access Control (Synergis SaaS) on Sep 21, 2017

Genetec's cloud everything expansion continues, with their announcement of Synergis SaaS edition, joining their cloud video offering Stratocast,...

Genetec CEO Warns Against Insider Threats on Sep 21, 2017

With Dahua and Hikvision cybersecurity issues becoming indisputable, a new counter has emerged. Just put them behind a firewall, buy cheap...

New IPVM Calculator V3 Released on Sep 20, 2017

The New IPVM Calculator V3 is released. An entirely new architecture delivers the following benefits: Turbo The calculator is now ~50% faster in...

Automatic Door Operators For Access Tutorial on Sep 20, 2017

Opening and closing doors might sound simple, but it takes a high-tech piece of door hardware to pull it off. Integrating automatic door operators...

'Clowns' Allege Ubiquiti 'Completely Fraudulent' on Sep 20, 2017

A short seller has alleged Ubiquiti is 'completely fraudulent'. Ubiquiti's CEO has responded calling them 'clowns'. Here is the short...

Avigilon 'Blue' Cloud Entry Examined on Sep 19, 2017

Avigilon is moving to the cloud. The company announced their Avigilon Blue platform, designed to be a web-managed surveillance system, utilizing...

HID Buys Mercury Security on Sep 19, 2017

One of the biggest access control deals in years. Mercury Security, the most widely used access hardware OEM, and partner to 20+ manufacturers,...

Hikvision Backdoor Exploit on Sep 18, 2017

Full disclosure to the Hikvision backdoor has been released, allowing easy exploit of vulnerable Hikvision IP cameras. As the researcher, Monte...

Brivo Mobile Pass Opens Any Door by Smartphone

Comments (31)

Billy Guthrie

Undisclosed #1

Brian Rhodes

John Honovich

Undisclosed #1

John Honovich

Vlad Craciunescu

Undisclosed Integrator #3

Undisclosed #2

John Honovich

Undisclosed #2

Brian Rhodes

John Honovich

Undisclosed #2

Keefe Lovgren

John Honovich

Brian Rhodes

Keefe Lovgren

Keefe Lovgren

Brian Rhodes

Undisclosed #2

Ethan Ace

Undisclosed #2

Wayne Jared

John Honovich

Wayne Jared

John Honovich

Undisclosed #2

Brad Silvernail

Undisclosed #2

Bill Sowar

Login to read this IPVM report.

Most Recent Industry Reports

Member Login