Brivo Tested

By Brian Rhodes and John Scanlan, Published Dec 17, 2020, 10:24am EST

Brivo is a veteran cloud access control provider who recently released its first combo reader / door controller.

IPVM Image

We bought and tested Brivo's ACS100 and their cloud-based access platform to see how it stacks up against competitors in the security space.

In this report, we cover these findings and more:

  • 6 key strengths and 6 key weaknesses, including 2 security risks.
  • 6 videos and 7+ images showing physical build details of the controller, installation, overview of the app, and management interface.
  • Test details of remote access control via Brivo's mobile Pass app
  • Multiple sections and images explaining how the cloud management portal works
  • Price and features versus other cloud-based access systems

Inside, we detail our findings on how well the system operates, where it is weak, and how it compares to other cloud offerings.

Strengths *******

*** ***** ****** *****'* key *********:

  • **** ** ***: *****'* ****** ****** is ********, ******, *** the ****** *** ********* are **** ** **********. Compared ** ***** '***** access' *****-***** *******, *****'* layout ** ****** *** the ******** ****** ** expected ***** **** ** our *****.
  • ***** ********** & ******:*** ********** **** ***** fewer ******** ******* ****** during *******, ********* ** quicker/less ********* ******** *** simplified **** *******.
  • *** *******:*** ****** **** ***, reducing *** ****** ** cables, *** *********** *** voltage ***** ********.
  • ******** ********* ******: *** ****** ***** both *** *** *** 13.56 *** ****** ***********, meaning **** *** ****** can ** **** *** situations ***** ******** *** kHz *********** *** ***** migrated ** **** ****** 13.56 *** *****.
  • ********** ****** *******:*****'* ****** *** **** has *** ********* - unlocking ***** - *** it ******** *** ************ did ** ** **** than ** ******** **** from ********* ******* *** local **** ******* (*** cell ***** **********).
  • *****-*****: ****** **** ****** systems **** ******* ** on-premise ****** ** *** embedded ******* ** ******* controllers, ***** **** *** require *** ******* ******* configuration ** ******** *** remote ***.

Weaknesses *******

*******, *** **** ******* and ********** *** ********* to *****:

  • ******* **** **** ****: ** *** ****** is ******* **** *** mounting *******, *** ****'* lock ****** ** ******* and *** ** ****** forced **** **** * battery.
  • ********** ****** ******: **** *** **** was *******, *** *************-***** tamper ****** ***** *** not *****, ******* *** lock ***** ***** ** hacked ******* *** ****** being ********. ** ******* the **** **** ***** with ** ************ ** happened.
  • *** '*****' ****** ***** Required: ***** * *** updated ******* ** ***** can ** **** *** most **********, *** *** dated '*******' ******* **** still ** **** *** setup *****.
  • ******* ********* *******: *** ****** ***** only ***** ****** *******/**** for *** *** ******* credentials, ********* *** ******** security *** ******* ** those *******.
  • ** *******: ***** ****** ******* or ****** ********** ** the ***** *********, *** large ** *********** ******* are ********* ** ********.
  • *** ********* ******:***** ****** ***** ******** touching ** ****** *****, unlike **** ***** ****** solutions (*.*: ***, *****, Openpath) ***** ****** **** approach ** ****** *****.

Hacking ****** **** ***** ****

*** **** ********** ******** with *****'* ****** ** that ******* ** ***** design **** **** *** entire **** ** *** unsecured/lock **** ** *** door (******** *** ***** combo *******), *** **** control ***** *** ** easily ******** **** ** unlock *** ****.

** *** ***** *****, we **** *** **** these ***** *** ******* from *** ******, ** external ******* *** ** connected ** ***** *** strike **** *********:

*** **** ******** ******** by *** ****** ** vulnerable ** **** ******* wire ****, ********** ** whether *** **** ** normally **** (**) ** normally ****** (**) *********.

**** ** * ****** look ** *** ******* lock ***** **** *** easily ******** **** *** unit ** *******:

IPVM Image

Not ******** **** ***** ****** ***** *****

***** ***** **** ******* offer * ******* ***** (e.g.:****** '******** ******** ******') **** ** ********* on *** ******/******* **** of *** **** **** protects ******** *** ***** in **** *** ****** their ***** ** *******.

***** **** **** **** they ** *** ***** a ******* ******. ***** this ********, ** ****** not ***** ***** ***** on ****-******** ** *********/******* openings.

Unreliable ****** ******

*** ******* ** *********** exposed **** ***** ** made ************* ***** ** a **** ****** **** often *** *** ****.

*** ****** *** *** factory ****** ******: *) the ****** ****** ****** beeping *** *) *** unit ** ******** ** send * ************ ** the ***** ******.

*******, ** *** *******, no ***** ************ *** ever ****, *** *** local **** ******* ***** often *** *** ******. Even **** ** ***, the ****** *** **** enough **** ** ***** be ****** ******* ***** the *** ***** *** removed.

** *** ***** *****, we **** ******** *** ACS100 ** **** ** tamper ** ********* ** all, ******* ******** *** undetected ****** ** **** wires:

** **** ***** ***** the ****** ********, *** they ********* ** ********** the **** ** ******** with * ****** ***** but *** *** ******* the *********** ********:

*** ****** ****** ******** if *** ***** ****** the ***** ******. ** has * *****-** ************* to ****** ******.

*******, ***** *** **** the ****** *** ** removed ******* ******** *** accelerometer, ** ****** *** using ***** ***** ** high-security ** *********/******* ********.

Cloud ********** *****

*** ****** ** ******* by *****'* *****-***** ****** (called *****) *** **** be ********* ** * PoE ****** *** **** Internet ******. *** *****-***** management ****** **** * web ****** ******* ** an **-******* ****** ** software ******.

** ***** ** '***** dependency', *** **** ****** cards *** **** ***** grant ****** **** ** the ****** *** ************, but *****'* **** **** worked ** ********* ** the ********.

** *** *******, *** latency/lag ******* ****** ********* at *** **** *** showing ** *** *** portal *** ********* **** than * *******.

*******, ****** ********** **** Emergency *********, ****** *******, and ****** **** ******* took *** ****** ** less.

IPVM Image

Physical ********

*****'* ******** * ****** **** controller **** ** ********** credential ******.

*** **** ******** * single-door ****** ********** **** a *** *** *** 13.56 *** ****** ** a **** *********. *** unit ** *** ******* and ******** *********** ** a*******-**-**** ******,**** ******** ******, *** * ****.

*** **** ****** ** a ******** ********** ******** box *** ******* ****** onto *****, **** *** test *******:

IPVM Image

** ********* ** ******** strike *** **** ******** switch ** *** **** during *******.***** ********* ** ***** models** ****** ***** ** white, *** **** **** the **** ****** ***** full-sized *****, *** **** a ******.

*** ******** ***** ***** reviews *** ******* **** and ************:

**** ** $***, **** the ****** ***** ******* ~$40 ****.

Reader *******

************* ****** *** ****, while ****** *** *** reliable, ** *** *** other ****** ****.

*** *******, ** * series ** ******* ***** or **** **** *******, the **** ***** *********** shut **** **** ******* reads ***** *** ***** was ******* ** *****.

****** ***** ******, *** integrated *** ***** ***** red *** *** **** would ******* **** *********** nor ******* ** ****** presses:

Wavelynx ***

********* ** ******* ******** ***** *******, and ******** ************ *** Brivo.

** ***** ******* ******** ****** ******-**** Combo **********, *** **** ** OEM'd ** ********. ***** commented:

***********************************************************************************************'********************************.

*******, *** **** ****** itself ***** ****** ****** that ***** **** *******, even ** **** ** not *********** *** ***** themselves.

************ *** ********** **********, in *** *******, *** first *** **** ***** possessed * ******** '**** condition' ******* **** ****** them ** *** ******* when ********** ** *** OnAir *******.

***** **** ******* ********** the ***** *** ***** engineering ***** ******* *** problem *** **** *****.

OnAir ********

*** ***** ** ******* by *****'* *****-***** ****** (called *****) ********** ***** with * ******* *** internet ****** ** ******* and ****** *** ******. Users ** *** *** Brivo ******* ** **** but *** ** ** an ***** ******.

*** **** ********* '******' screen ***** *** **** recent ****** ******** *** system ******, ******** **** of *** **** ****** features *** **** ********** when ***** *** *******, such ** ******** ********* doors **** *** '*******' screen.

*** ***** ***** ***** an ******** ** *** workflow ******* ***** *** latest ******* ** *****:

Adding ***** *** ***********

****** ***** *** *********** can ** **** **** a ****** '*****' ********* tab. **** ************* ***** will ** **** ** enter *** ****** *** users, ** *** ******* generally ******* ************ *** a *******:

IPVM Image

** **********/******* *****, ******* that *********** ****** ****** are ********* ******** ***** the ****'* **** ** all ****, ******* **** can ** **** ******* and ********* ** *** need ******** ****** ** make ******.

***** ********* ***** ** credentials *** *******: '*** Card' ******** ******/ ****, management ******** ***, *** permissions ** ****** ******** doors *** *** ***** app.

** ******** *** ****** users ****** ******* ****** credentials, *** *** ****** as ******** **** ** errors.

*******, *** ***-***** ********* 13.56 *** *********** **** MIFARE ******* *** ****** SEOS, **** ***** ***/ UIDs *** ********** ** the ****** *** ***** data ** *** *********** are *******.

***** ********* ****, **********:

*** ***-**** ****** ******** both ****** ********* *********** and **.***** ***********. ***** the ****** *** **** smart *****, ** **** only ** **** ** decrypt ***** ***** ***********. Any ***** ***** ********** will **** ******* *** card ****** ****** (**** as *** ******).

*** ****** ** ****** also ******** * ****** that ******** * ** to * ********* *** codes. ** *** *******, we *********** ** ****** with *****, *******, ** revoking **** ** *** system.

No **** ** ****** *********

***** ***** ***** *** not **** ** ****** maps ** *** ******* details. *** ******** ** doors/openings ****** * ******** is *** ********* ** location, ***** *** ** inefficient *** ***** ** widely ********* *******.

Manual **** ******** & ********

** ***** ** ****** door ******** ** '**** visitors **' *** ******** unlock *****, *** ******** and ******* ****** *** easy ** **** ******* in *** '*******' ******.

*** **** ***** ** most *****, ***** ***** will **** ***** ** fewer ****** ** ****** a **** ********** ** what ***** ********/******* **** may ** *****.

** **** **** ** the ***** *****:

Old '***** *******' ***** ******

***** *** ****** ******* of ***** **** ** the ****** **** ****, the ***** '*******' ******* is ***** ****** ** add *** ********* ******/*****/***** to * ******.

*** ***** ***** ****** does *** **** *** deep ************* ** ***** screens ****** *** * basic ******, *** **** users ****** ********** ******** the ****** ********* ****** for * ***, *** critical, *********.

*** **** ***** ***** describes ****:

***** ******** ** ****** when/if ***** ******** ******** will ** ***** ** the *** ***** *********.

Brivo **********

*** ****** ******** * mobile ***** *** *** users ** ******** ********* doors **** ***** ******.

***** '*********' ********* ****** as * **** ********** a ****** ****** **** when * ***** ** locked *** ********, *** Brivo *** ******* * user ** ****** * mobile ****** ** ********** contact * ****** ** unlock *** *******.

IPVM Image

***** ********* *** *******:

***** ****** **** ****** multiple **** ** ****** doors **** ** *** require *** **** ** go ******* *** ** the ***** ** ********* the *****, ******* *** app, ******* ****, ***.:

  • ***** ****** -- *** of *** *****, *** features ** *** ****** is *** ******* ** tap ** *** ****** and ******* * *** unlock ** *** **** without ******** *** ***** from **** ******.

  • **** ********* -- ******** feature ** *** **** allows *** ***** ** create ****** ***** ******** to ****** ***** *****

  • ***** ****** -- ******** feature ** *** **** allows ***** ** ****** doors ******* ******* *** Brivo ****** **** *** from ****** ***** **** screen (*******) ** ***** View (***).

***** *** '*********', ** confirmed **** * ***-****** contact ** *** ****** with * ***** ** a ****** ****** ******* the ****:

*******, *** ******* ** ~2-second ******* ******** *** reader ** ******. ***** pandemic ********, *** *********** waving ** * ***** is ***** **** ******** potentially ******** ********.

** ***** ** ***** Siri ******** ** *******, if * ***** ** pocketed *** ********** *** not ******* **** * command, *** ******** * phone ** ***** ******* into ** ** ****** as ****. ********, ******* to ******** * ****** will ***** ****** ** needed.

***** **** ****** **** users *** ******** **** with *** ******, ********** users **** ~$*.** - $0.10 *** *****, ********* sold ** ****** ** 100 ** **** ******* the ****** *******.

*** **** ** * Brivo ****** ********** ** less **** *** ******, which **** ~$*.** *** month *** ****.

Pricing ********

*** ****** *** ** MSRP ** $***, *** Brivo ** **** ** dealers, *** ************, *** pricing ****** ** ****** and ** ********.

** ***** ** *****, Brivo ** *** ** the ****** ********* *******, generally ******* ~$* - $15 *** **** *** month, ** * ****** cost ** ~$** - $180 *** ****.

*** ********* ********** ***** products **** **** * lifetime ******* ********.

OnAir ***** *** ******** ***** ***********

***** ***** ******** *** forms ** ***** **** the ***** *********,********** ****** ***** *****. However, ***** *********** ** an ***** ******* *** not ******** **** *** basic ********.

**** ***** ** **** video *********** ** * future ******.

Brivo ******** ** ***** ***** ****** *******

***** *****-***** ****** ********* are ********, ***** *** several ***** ********* ** the ******. ***** *******:

** ***** ** *****, Brivo ** *** ** the ***** ********* *******, generally ******* ~$* - $15 *** **** *** month ** * ****** cost ** ~$** - $180 *** ****.

** ********, ******* ** the **** ********* ****** option *****, ******* ~$*** - $*** *** **** per **** *** *******.

*******, ******** **** ***** integration *** ****** *********** add ** *** ***** monthly ***** **** *** are ******** ** *******'* system *** ** ********** fee.

**** * ********** ***********, Verkada **** ****** * single *-**** $*,*** ********** that **** ** ********* regardless ** *** ***** door ***** **** *** 4 ********* ***** ** not. ** ****, ********** readers **** ** *********, adding ******* ~$*** - $500 *** ****.

*** ********, **** ** not ***** * ***** unit, *** ******** ******** a ***-**** *** ********** for $***. ** ********** Openpath ****** **** ** needed, ********* ** * total ***** ** ~$*** for * ****** ****, and * ******* *** of ~$** *** ****, making *** ***** ****** than *****. *******, ******** offers ****** ****** ******** that ***** **** ***, including '*****' *** '*********' access ******* ******** ** app.

** *** **** ** the $*** **** ***** or ***** ***** ****** systems ***** ******-**** ******* Security ***********, *** **** runs **** *** *** reader ********** ****** **** the ******** ********** *** reader ******** ***-***** **** systems.

Software & ******** ****

*** ********* ******** ******** and ******** *** **** for *******:

  • ***** ***** ***.** /********
  • ***** ****** **.*.*.*
  • ***** ********** ****
  • ****** ****** * **.*.****.**
  • *** ***.*, ****** ** Max

Comments (11)

***** ********* ** *** report **** ********:

Re: '*** ****** ******** * ****** ***** *** *** ***** ** ******** ********* ***** **** ***** ****** ** *** ** *** **********, *** *** * ******.

Brivo ********** ******* ***** *** *** **********, *** *** ******, ******* ** *** ****** **** **

***** ****** **** ******** both ***** ** *********:

  • **********-***** ******* **** *** internet (*** ******)

  • ******-***** ******* ***** *** phone’s ********* ********** (***** Readers *** ******)

**** ***** *** ********* connection ** *** ***** Reader, *** *** ** read, ***********, *** ******* in *** **** *** as * ******** ********** by ****** *** *** panel.

**** **** ********* ******* for ****** ****, ***** we **** ****** ** the ******.

** *** ******* *** 'Fluid ******' ***** ******* now, ******** ********** ******** a ****** ** ******* an ****** ** ***** a ********* *****/ ************ issue.

***** **** ********* **** this ********* ***** *** limitations ** ***** ***, which ** **** ******** through ******* *** ******* the ******:

***** ****** **** ****** multiple **** ** ****** doors **** ** *** require *** **** ** go ******* *** ** the ***** ** ********* the *****, ******* *** app, ******* ****, ***.:

  • ***** ****** -- *** of *** *****, *** features ** *** ****** is *** ******* ** tap ** *** ****** and ******* * *** unlock ** *** **** without ******** *** ***** from **** ******.

  • **** ********* -- ******** feature ** *** **** allows *** ***** ** create ****** ***** ******** to ****** ***** *****

  • ***** ****** -- ******** feature ** *** **** allows ***** ** ****** doors ******* ******* *** Brivo ****** **** *** from ****** ***** **** screen (*******) ** ***** View (***).

***** *** '*********', ** confirmed **** * ***-****** contact ** *** ****** with * ***** ** a ****** ****** ******* the ****:

*******, *** ******* ** ~2-second ******* ******** *** reader ** ******. ***** pandemic ********, *** *********** waving ** * ***** is ***** **** ******** potentially ******** ********.

** ***** ** ***** Siri ******** ** *******, if * ***** ** pocketed *** ********** *** not ******* **** * command, *** ******** * phone ** ***** ******* into ** ** ****** as ****. ********, ******* to ******** * ****** will ***** ****** ** needed.

*** ***** *********/**** *********** idea *** **** ********* in **** ********, *** would *** ****** **** doors ***** ******** **** by ****** ******* **** a ***** ********** ******* by * ****? ******* how **** **** ***** be ** **********. *** besides, ****** *** *** using ********* **** ******* you *** ***** ****** to ***** *** ****/******.

**** ***** ***** **********?

*** *** ***** ** this **** ** ****** being **** ** ****** multiple *****, **** ***********, response ****?

*** **** ****** * document ** ****** **** compares *** "***** *****" vendors? *** **** ********** all *** ******* *** the ***** **** **** reports *******?

***** *****!

**** ***** ***** **********?

** ***** ** *** ACS100 ** ***** *******?

* ** *** ******* the ****** ** ***** for ******, *** *** company *** **** *** beacons ** *** ****, and *'** *** **** for ********.

*** **** ****** * document ** ****** **** compares *** "***** *****" vendors?

**** ** * **** idea, *** ***** ** have **** ***** ** updated **** ** ***** access ******* *********,********,*******, ** **** ** adding **** ** **** and ** **** ********* in * '********' ********* systems ** ** ******* for **.

****** *** ******** ** up!

****** ***** .. *** cloud-based ****** ******* *** changing ***** *** *** some ** *** ********/**********/************ of **** *** *** be ******* ***** *** actually *** ***, ******* and ******* **, *** see **** ** ****** different **** **** ****** systems *** *****.

* **** ***** **** of *** ******* ********* to *** *****-***** ******* are **** **** ***'* usually ****** *** *** events **** ** **-******* system (** *** **** has * *** ********* but ** ***** **-*******) does:

*******: **** * **-******* system, ** *** *** using * ******** **** setup **** ******** * door ****** ****** *** a *** ****** **** a ****** ******, *** should *** *** ********* events ** *** ******* log ***** ******* ******** a ***** **********:

*. ***** *****, *. Door ****, *. *** input, *. **** ******

**** * ******** ********** of * "****" ********/****** system, *** *** *** need ** ****** ***** events **** *****, *** during ************* *** *******, it ** **** ****** and **** ** ** are **** ** ****** these ****** ** ****** not **** ** **** time, *** ***** *** fact. **** ***** *******, either ** ***** **** to ****** ******* ******* to *** ***** ** because **** *** ****** "convenience" ****** ******* *******, do *** ****** ****** 2, *, *** *. You ** *** *** real **** ***** ** the ***** *** **** they ****** ** ******, but **** *** **** a **** ** * scheduled ******** *****, ** is ****** (*** ******** in ** ****) ** record ***** **** *** door ** ****** ** closed *** ***** ****** if ******.

*. *******

**** ***** ***** ******* do *** ***** ** convenient ** ** ******** history ******** ** **-******* systems. **** **-**** ******* allow *** ****** ** door, ******, ***** ****, and ****/**** ** *** combination. ***** *** *** be ** **** ***** types ******* ** * cloud-based ****** *** *** 4-way *********** *** *** be *****. ** ***** cloud-based ******* *** ********* for ******** **********, ***** makes ***** **** * cloud *********** **********, *** not **** * *********** security ******** **********.

*. *** ******* ** readers

**** *****-***** ******* ******* the *** ** ***** own ****** ** ***** to ***** *** *** benefits ** ***** ****** apps *** **** ***** sense. ***** ******* *** designed ** *** *** of *** ******** ** their ****** ** *** as *** ***/*** ******* features ** **** ** the ****** **** *** or **** ** ***** of *** ****** **** your ****** ****** ***** in **** ****** .. very **** *** ****-******** features. *******, ***** **** readers ***** ** *** come **** ** ******** PIN ****** ******. ***** are ******** *** ***** for ***** * *** password ** *** *********** access ******* ********** **** these ***** ******* ****** accomodate ******* ******** * weigand ****** **** ** or **** *** "*****" reader.

*. *** **** ***** said, ** *** **** side *** *** **** to ****** ****** **** that **** ******** **** the ****** ** *** the ****** ********** ***** as **** ** *** easy ************ **** ****** directory **** ********** ***** the ** **** ** the *** **** ** provisioning **** ** *** security. *** **** *****-**-****** systems ******, ***** ***** cloud **** ******* ****** really *****, *** ****** integrations ******* ** *** cloud-based ******* (****'** *** usually ****) *** ****** needed ** ****.

*** ***** *** *** ... ***** ******* **** of **** ** ** speak.

***** #* ** ********* we ***** ****** ******* in *** ******* ****** testing.

*** ******* *** ********* that *** *** ****** door ********/*** ************* *** status **** *****. * serious ********* ** ** opinion

********* ***** ** * A ****** ******* ** simply ******** *** *** acs1000 **** ******* *** registered ** ******* ********* account. ******* **** **** locks **** *** ** that ************.

**** *******, *** **** is * ****** *******? Are *** ****** ** is * ******** ******* or *** ******* *** the ********** ******?

*** *****.

****** **** ** ********** to ***** ** ******** sites. *** ****** **** randomly **** ******. ** that *** **** ***'** concerned ****?

****** *** *** **********... and ********** ***** ******* btw...

*'* ******* ** ** from * "********** ******* device **** ********" *** cybersecurity ***********. * **** admit * ***'* **** is ** ***** **** :locks: *** ***** ** a **** ** * site, * **** *** an ******** **** **** can ** ******* *** and ******* ****** ********* to **.

** ***** ** *********** if *** *** * network *****/**** (*.*. *********) analysis ** *** ***** to *** *******... ******* questions *** ... ** it ******** ********* ******* to *** ***** (**** TLSv1.2 ** *******)... **** the ***** *** ******** authenticate (***** ***** ** the *** *****) ** the ***** ******, **** about ******* *****, *********, Denial ** ******* ************. The ******** ***** (*****, strikes, ****** ********) ** 1/2 *** *****...*** **** dangerous ***** ** *** the ******* ********** ***** you **** *** & touch.

*** **** **** *** popped *** **** ****** with * ******* ** straight *** ** *** movies!

Read this IPVM report for free.

This article is part of IPVM's 6,805 reports, 913 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now
Loading Related Reports