Brivo Tested

By Brian Rhodes and John Scanlan, Published Dec 17, 2020, 10:24am EST (Research)

******* * ******* ***** ****** ******* provider *** ******** ******** *** ***** combo ****** / **** **********.

IPVM Image

** ****** *** ***********'* ********* ***** *****-***** ****** ******** ** see *** ** ****** ** ******* competitors ** *** ******** *****.

** **** ******, ** ***** ***** findings *** ****:

  • * *** ********* *** * *** weaknesses, ********* * ******** *****.
  • * ****** *** *+ ****** ******* physical ***** ******* ** *** **********, installation, ******** ** *** ***, *** management *********.
  • **** ******* ** ****** ****** ******* via *****'* ****** **** ***
  • ******** ******** *** ****** ********** *** the ***** ********** ****** *****
  • ***** *** ******** ****** ***** *****-***** access *******

******, ** ****** *** ******** ** how **** *** ****** ********, ***** it ** ****, *** *** ** compares ** ***** ***** *********.

Strengths *******

*** ***** ****** *****'* *** *********:

  • **** ** ***: *****'* ****** ****** ** ********, stable, *** *** ****** *** ********* are **** ** **********. ******** ** other '***** ******' *****-***** *******, *****'* layout ** ****** *** *** ******** worked ** ******** ***** **** ** our *****.
  • ***** ********** & ******:*** ********** **** ***** ***** ******** devices ****** ****** *******, ********* ** quicker/less ********* ******** *** ********** **** control.
  • *** *******:*** ****** **** ***, ******** *** number ** ******, *** *********** *** voltage ***** ********.
  • ******** ********* ******: *** ****** ***** **** *** kHz *** **.** *** ****** ***********, meaning **** *** ****** *** ** used *** ********** ***** ******** *** kHz *********** *** ***** ******** ** more ****** **.** *** *****.
  • ********** ****** *******:*****'* ****** *** **** *** *** operation - ********* ***** - *** it ******** *** ************ *** ** in **** **** ** ******** **** from ********* ******* *** ***** **** network (*** **** ***** **********).
  • *****-*****: ****** **** ****** ******* **** require ** **-******* ****** ** *** embedded ******* ** ******* ***********, ***** does *** ******* *** ******* ******* configuration ** ******** *** ****** ***.

Weaknesses *******

*******, *** **** ******* *** ********** key ********* ** *****:

  • ******* **** **** ****: ** *** ****** ** ******* from *** ******** *******, *** ****'* lock ****** ** ******* *** *** be ****** ****** **** **** * battery.
  • ********** ****** ******: **** *** **** *** *******, the *************-***** ****** ****** ***** *** not *****, ******* *** **** ***** could ** ****** ******* *** ****** being ********. ** ******* *** **** many ***** **** ** ************ ** happened.
  • *** '*****' ****** ***** ********: ***** * *** ******* ******* of ***** *** ** **** *** most **********, *** *** ***** '*******' version **** ***** ** **** *** setup *****.
  • ******* ********* *******: *** ****** ***** **** ***** serial *******/**** *** *** *** ******* credentials, ********* *** ******** ******** *** storage ** ***** *******.
  • ** *******: ***** ****** ******* ** ****** floorplans ** *** ***** *********, *** large ** *********** ******* *** ********* to ********.
  • *** ********* ******:***** ****** ***** ******** ******** ** unlock *****, ****** **** ***** ****** solutions (*.*: ***, *****, ********) ***** cannot **** ******** ** ****** *****.

Hacking ****** **** ***** ****

*** **** ********** ******** **** *****'* ACS100 ** **** ******* ** ***** design **** **** *** ****** **** on *** *********/**** **** ** *** door (******** *** ***** ***** *******), the **** ******* ***** *** ** easily ******** **** ** ****** *** door.

** *** ***** *****, ** **** how **** ***** ***** *** ******* from *** ******, ** ******** ******* can ** ********* ** ***** *** strike **** *********:

*** **** ******** ******** ** *** ACS100 ** ********** ** **** ******* wire ****, ********** ** ******* *** lock ** ******** **** (**) ** normally ****** (**) *********.

**** ** * ****** **** ** the ******* **** ***** **** *** easily ******** **** *** **** ** removed:

IPVM Image

Not ******** **** ***** ****** ***** *****

***** ***** **** ******* ***** * contact ***** (*.*.:****** '******** ******** ******') **** ** ********* ** *** inside/secured **** ** *** **** **** protects ******** *** ***** ** **** way ****** ***** ***** ** *******.

***** **** **** **** **** ** not ***** * ******* ******. ***** this ********, ** ****** *** ***** these ***** ** ****-******** ** *********/******* openings.

Unreliable ****** ******

*** ******* ** *********** ******* **** wires ** **** ************* ***** ** a **** ****** **** ***** *** not ****.

*** ****** *** *** ******* ****** alarms: *) *** ****** ****** ****** beeping *** *) *** **** ** supposed ** **** * ************ ** the ***** ******.

*******, ** *** *******, ** ***** notification *** **** ****, *** *** local **** ******* ***** ***** *** not ******. **** **** ** ***, the ****** *** **** ****** **** it ***** ** ****** ******* ***** the *** ***** *** *******.

** *** ***** *****, ** **** removing *** ****** ** **** ** tamper ** ********* ** ***, ******* allowing *** ********** ****** ** **** wires:

** **** ***** ***** *** ****** problems, *** **** ********* ** ********** the **** ** ******** **** * tamper ***** *** *** *** ******* the *********** ********:

*** ****** ****** ******** ** *** start ****** *** ***** ******. ** has * *****-** ************* ** ****** motion.

*******, ***** *** **** *** ****** can ** ******* ******* ******** *** accelerometer, ** ****** *** ***** ***** units ** ****-******** ** *********/******* ********.

Cloud ********** *****

*** ****** ** ******* ** *****'* cloud-based ****** (****** *****) *** **** be ********* ** * *** ****** and **** ******** ******. *** *****-***** management ****** **** * *** ****** instead ** ** **-******* ****** ** software ******.

** ***** ** '***** **********', *** test ****** ***** *** **** ***** grant ****** **** ** *** ****** was ************, *** *****'* **** **** worked ** ********* ** *** ********.

** *** *******, *** *******/*** ******* events ********* ** *** **** *** showing ** *** *** ****** *** typically **** **** * *******.

*******, ****** ********** **** ********* *********, Manual *******, *** ****** **** ******* took *** ****** ** ****.

IPVM Image

Physical ********

*****'* ******** * ****** **** ********** **** an ********** ********** ******.

*** **** ******** * ******-**** ****** controller **** * *** *** *** 13.56 *** ****** ** * **** enclosure. *** **** ** *** ******* and ******** *********** ** ********-**-**** ******,**** ******** ******, *** * ****.

*** **** ****** ** * ******** electrical ******** *** *** ******* ****** onto *****, **** *** **** *******:

IPVM Image

** ********* ** ******** ****** *** door ******** ****** ** *** **** during *******.***** ********* ** ***** ******** ****** ***** ** *****, *** test **** *** **** ****** ***** full-sized *****, *** **** * ******.

*** ******** ***** ***** ******* *** overall **** *** ************:

**** ** $***, **** *** ****** model ******* ~$** ****.

Reader *******

************* ****** *** ****, ***** ****** was *** ********, ** *** *** other ****** ****.

*** *******, ** * ****** ** invalid ***** ** **** **** *******, the **** ***** *********** **** **** from ******* ***** ***** *** ***** was ******* ** *****.

****** ***** ******, *** ********** *** would ***** *** *** *** **** would ******* **** *********** *** ******* to ****** *******:

Wavelynx ***

********* ** ******* ******** ***** *******, *** ******** manufactured *** *****.

** ***** ******* ******** ****** ******-**** ***** **********, *** **** ** ***'* ** Wavelynx. ***** *********:

***********************************************************************************************'********************************.

*******, *** **** ****** ****** ***** design ****** **** ***** **** *******, even ** **** ** *** *********** the ***** **********.

************ *** ********** **********, ** *** testing, *** ***** *** **** ***** possessed * ******** '**** *********' ******* that ****** **** ** *** ******* when ********** ** *** ***** *******.

***** **** ******* ********** *** ***** and ***** *********** ***** ******* *** problem *** **** *****.

OnAir ********

*** ***** ** ******* ** *****'* cloud-based ****** (****** *****) ********** ***** with * ******* *** ******** ****** to ******* *** ****** *** ******. Users ** *** *** ***** ******* or **** *** *** ** ** an ***** ******.

*** **** ********* '******' ****** ***** the **** ****** ****** ******** *** system ******, ******** **** ** *** most ****** ******** *** **** ********** when ***** *** *******, **** ** manually ********* ***** **** *** '*******' screen.

*** ***** ***** ***** ** ******** of *** ******** ******* ***** *** latest ******* ** *****:

Adding ***** *** ***********

****** ***** *** *********** *** ** done **** * ****** '*****' ********* tab. **** ************* ***** **** ** able ** ***** *** ****** *** users, ** *** ******* ********* ******* registration *** * *******:

IPVM Image

** **********/******* *****, ******* **** *********** revoke ****** *** ********* ******** ***** the ****'* **** ** *** ****, meaning **** *** ** **** ******* and ********* ** *** **** ******** clicks ** **** ******.

***** ********* ***** ** *********** *** allowed: '*** ****' ******** ******/ ****, management ******** ***, *** *********** ** unlock ******** ***** *** *** ***** app.

** ******** *** ****** ***** ****** generic ****** ***********, *** *** ****** as ******** **** ** ******.

*******, *** ***-***** ********* **.** *** credentials **** ****** ******* *** ****** SEOS, **** ***** ***/ **** *** registered ** *** ****** *** ***** data ** *** *********** *** *******.

***** ********* ****, **********:

*** ***-**** ****** ******** **** ****** frequency *********** *** **.***** ***********. ***** the ****** *** **** ***** *****, it **** **** ** **** ** decrypt ***** ***** ***********. *** ***** smart ********** **** **** ******* *** card ****** ****** (**** ** *** iClass).

*** ****** ** ****** **** ******** a ****** **** ******** * ** to * ********* *** *****. ** our *******, ** *********** ** ****** with *****, *******, ** ******** **** in *** ******.

No **** ** ****** *********

***** ***** ***** *** *** **** to ****** **** ** *** ******* details. *** ******** ** *****/******** ****** a ******** ** *** ********* ** location, ***** *** ** *********** *** large ** ****** ********* *******.

Manual **** ******** & ********

** ***** ** ****** **** ******** to '**** ******** **' *** ******** unlock *****, *** ******** *** ******* needed *** **** ** **** ******* in *** '*******' ******.

*** **** ***** ** **** *****, OnAir ***** **** **** ***** ** fewer ****** ** ****** * **** regardless ** **** ***** ********/******* **** may ** *****.

** **** **** ** *** ***** below:

Old '***** *******' ***** ******

***** *** ****** ******* ** ***** will ** *** ****** **** ****, the ***** '*******' ******* ** ***** needed ** *** *** ********* ******/*****/***** to * ******.

*** ***** ***** ****** **** *** have *** **** ************* ** ***** screens ****** *** * ***** ******, and **** ***** ****** ********** ******** the ****** ********* ****** *** * few, *** ********, *********.

*** **** ***** ***** ********* ****:

***** ******** ** ****** ****/** ***** critical ******** **** ** ***** ** the *** ***** *********.

Brivo **********

*** ****** ******** * ****** ***** app *** ***** ** ******** ********* doors **** ***** ******.

***** '*********' ********* ****** ** * user ********** * ****** ****** **** when * ***** ** ****** *** pocketed, *** ***** *** ******* * user ** ****** * ****** ****** or ********** ******* * ****** ** unlock *** *******.

IPVM Image

***** ********* *** *******:

***** ****** **** ****** ******** **** to ****** ***** **** ** *** require *** **** ** ** ******* all ** *** ***** ** ********* the *****, ******* *** ***, ******* door, ***.:

  • ***** ****** -- *** ** *** major, *** ******** ** *** ****** is *** ******* ** *** ** the ****** *** ******* * *** unlock ** *** **** ******* ******** the ***** **** **** ******.

  • **** ********* -- ******** ******* ** BMP **** ****** *** ***** ** create ****** ***** ******** ** ****** their *****

  • ***** ****** -- ******** ******* ** BMP **** ****** ***** ** ****** doors ******* ******* *** ***** ****** Pass *** **** ****** ***** **** screen (*******) ** ***** **** (***).

***** *** '*********', ** ********* **** a ***-****** ******* ** *** ****** with * ***** ** * ****** indeed ******* *** ****:

*******, *** ******* ** ~*-****** ******* touching *** ****** ** ******. ***** pandemic ********, *** *********** ****** ** a ***** ** ***** **** ******** potentially ******** ********.

** ***** ** ***** **** ******** or *******, ** * ***** ** pocketed *** ********** *** *** ******* hear * *******, *** ******** * phone ** ***** ******* **** ** is ****** ** ****. ********, ******* to ******** * ****** **** ***** likely ** ******.

***** **** ****** **** ***** *** included **** **** *** ******, ********** users **** ~$*.** - $*.** *** month, ********* **** ** ****** ** 100 ** **** ******* *** ****** channel.

*** **** ** * ***** ****** credential ** **** **** *** ******, which **** ~$*.** *** ***** *** user.

Pricing ********

*** ****** *** ** **** ** $899, *** ***** ** **** ** dealers, *** ************, *** ******* ****** by ****** *** ** ********.

** ***** ** *****, ***** ** one ** *** ****** ********* *******, generally ******* ~$* - $** *** door *** *****, ** * ****** cost ** ~$** - $*** *** door.

*** ********* ********** ***** ******** **** with * ******** ******* ********.

OnAir ***** *** ******** ***** ***********

***** ***** ******** *** ***** ** video **** *** ***** *********,********** ****** ***** *****. *******, ***** integration ** ** ***** ******* *** not ******** **** *** ***** ********.

**** ***** ** **** ***** *********** in * ****** ******.

Brivo ******** ** ***** ***** ****** *******

***** *****-***** ****** ********* *** ********, there *** ******* ***** ********* ** the ******. ***** *******:

** ***** ** *****, ***** ** one ** *** ***** ********* *******, generally ******* ~$* - $** *** door *** ***** ** * ****** cost ** ~$** - $*** *** door.

** ********, ******* ** *** **** expensive ****** ****** *****, ******* ~$*** - $*** *** **** *** **** for *******.

*******, ******** **** ***** *********** *** mobile *********** *** ** *** ***** monthly ***** **** *** *** ******** in *******'* ****** *** ** ********** fee.

**** * ********** ***********, ******* **** offers * ****** *-**** $*,*** ********** that **** ** ********* ********** ** the ***** **** ***** **** *** 4 ********* ***** ** ***. ** that, ********** ******* **** ** *********, adding ******* ~$*** - $*** *** door.

*** ********, **** ** *** ***** a ***** ****, *** ******** ******** a ***-**** *** ********** *** $***. An ********** ******** ****** **** ** needed, ********* ** * ***** ***** of ~$*** *** * ****** ****, and * ******* *** ** ~$** per ****, ****** *** ***** ****** than *****. *******, ******** ****** ****** access ******** **** ***** **** ***, including '*****' *** '*********' ****** ******* handling ** ***.

** *** **** ** *** $*** MSRP ***** ** ***** ***** ****** systems ***** ******-**** ******* ******** ***********, the **** **** **** *** *** reader ********** ****** **** *** ******** controller *** ****** ******** ***-***** **** systems.

Software & ******** ****

*** ********* ******** ******** *** ******** was **** *** *******:

  • ***** ***** ***.** /********
  • ***** ****** **.*.*.*
  • ***** ********** ****
  • ****** ****** * **.*.****.**
  • *** ***.*, ****** ** ***

Comments (11)

Brivo responded to our report with feedback:

Re: 'The system includes a mobile phone app for users to manually unlocking doors from their phones by way of the controller, not via a reader.

Brivo MobilePass unlocks doors via the controller, not the reader, similar to the method used by Verkada's Pass app, but unlike the 'touchless' reader methods used by HID, Openpath, and Proxy among others.'

Brivo Mobile Pass supports both modes of operation:

  • Controller-based unlocks over the internet (any reader)

  • Reader-based unlocks using the phone’s Bluetooth connection (Brivo Readers and ACS100)

When using the Bluetooth connection to the Brivo Reader, the BMP is read, transmitted, and treated in the same way as a physical credential by reader and the panel.

They also clarified pricing for mobile pass, which we will revise in the report.

We are testing the 'Fluid Access' point feature now, although physically touching a reader to trigger an unlock is still a potential COVID/ transmission issue.

Agree
Disagree
Informative
Unhelpful
Funny

Brivo also responded with this objection about the limitations of their app, which we have verified through testing and updated the report:

Brivo Mobile Pass offers multiple ways to unlock doors that do not require the user to go through all of the steps of unlocking the phone, opening the app, finding door, etc.:

  • Fluid Access -- One of the major, new features of the ACS100 is the ability to tap on the reader and trigger a BMP unlock of the door without removing the phone from your pocket.

  • Siri Shortcuts -- Existing feature of BMP that allows iOS users to create custom voice commands to unlock their doors

  • Smart Widget -- Existing feature of BMP that allows users to unlock doors without opening the Brivo Mobile Pass app from either their home screen (Android) or Today View (iOS).

While not 'touchless', we confirmed that a two-finger contact on the reader with a phone in a pocket indeed unlocks the door:

However, two fingers of ~2-second contact touching the reader is needed. Given pandemic concerns, the contactless waving of a badge is safer than touching potentially infected surfaces.

In terms of using Siri commands or Widgets, if a phone is pocketed the microphone may not clearly hear a command, and handling a phone to speak clearly into it is likely as well. Likewise, swiping to activate a Widget will still likely be needed.

Agree
Disagree
Informative
Unhelpful
Funny

The whole touchless/zero interaction idea may seem appealing in this pandemic, but would you really want doors being unlocked just by having someone with a valid credential walking by a door? Imagine how easy that would be to compromise. And besides, unless you are using automatic door openers you are still having to touch the door/handle.

Agree: 2
Disagree
Informative
Unhelpful
Funny

Does Brivo offer geofencing?

Can you speak to this type of system being able to handle multiple sites, user limitations, response time?

Can IPVM create a document or report that compares the "cloud based" vendors? One that summarizes all the goodies and the costs that your reports contain?

Agree: 1
Disagree
Informative
Unhelpful
Funny

Hello Jason!

Does Brivo offer geofencing?

In terms of the ACS100 or OnAir systems?

I do not believe the option is there for either, but the company has used BLE beacons in the past, and I'll ask them for feedback.

Can IPVM create a document or report that compares the "cloud based" vendors?

This is a good idea, and while we have just begun an updated look at cloud access systems with Proxy, Openpath, Verkada, we plan on adding more in 2021 and it will culminate in a 'shootout' comparing systems as is typical for us.

Thanks for bringing it up!

Agree
Disagree
Informative
Unhelpful
Funny

Agreed Jason .. the cloud-based access systems are changing every day and some of the features/advantages/shortcomings of each may not be evident until you actually buy one, install and program it, and see what is really different from your usualy systems you offer.

I have found some of the biggest drawbacks to the cloud-based systems are that they don't usually record all the events that an on-premise system (or one that has a web interface but is still on-premise) does:

Example: With a on-premise system, if you are using a complete door setup that includes a door status sensor and a REX device like a motion sensor, you should see the following events in the history log after someone presents a valid credential:

1. Valid Admit, 2. Door open, 3. REX input, 4. Door Closed

From a forensic standpoint of a "real" security/access system, you may not need to review these events very often, but during commissioning and testing, it is very useful and most of us are used to having these events to review not just in real time, but after the fact. Most cloud systems, either in their zeal to reduce network traffic to the cloud or because they are mainly "convenience" access control systems, do not record events 2, 3, and 4. You do see the real time state of the doors and when they change of course, but when you have a door in a scheduled unlocked state, it is useful (and required in my mind) to record every time the door is opened or closed for later review if needed.

2. Reports

Some cloud based systems do not offer as convenient or as granular history searches as on-premise systems. Most on-prem systems allow the choice of door, person, event type, and time/date in any combination. There may not be as many event types offered in a cloud-based system and the 4-way granularity may not be there. It seems cloud-based systems are optimized for database efficiency, which makes sense from a cloud application standpoint, but not from a traditional security database standpoint.

3. PIN Keypads on readers

Many cloud-based systems require the use of their own reader in order to enjoy all the benefits of their Mobile apps and this makes sense. Their readers are designed to use all of the features of their system as far as the BLE/geo fencing features as well as the things like tap or wave in front of the reader with your mobile device still in your pocket .. very cool and well-received features. However, these cool readers often do not come with an embedded PIN keypad option. There are numerous use cases for using a PIN password in the traditional access control situations that these newer systems cannot accomodate without mounting a weigand keypad next to or near the "smart" reader.

4. All this being said, on the plus side are the easy to deploy mobile apps that were designed from the ground up for the mobile credential world as well as the easy integrations with active directory type situations where the IT side of the end user is provisioning most of the security. For most small-to-medium systems though, where these cloud base systems should really shine, the active integrations offered by the cloud-based systems (they're not usually free) are seldon needed or used.

Two cents for now ... going through some of this as we speak.

Agree
Disagree
Informative: 5
Unhelpful
Funny

Point #1 is something we found sorely lacking in our initial system testing.

Our testing has confirmed that can not verify door position/Rex functionality and status with Brivo. A serious oversight in my opinion

Agree
Disagree: 1
Informative: 1
Unhelpful
Funny

Something tells me a A bigger problem is simply swapping out one acs1000 with another box registered to another different account. Nothing they have locks that box to that installation.

Agree
Disagree
Informative
Unhelpful
Funny

Just curious, how that is a bigger problem? Are you saying it is a security concern or MRR concern for the installing dealer?

Agree
Disagree
Informative
Unhelpful
Funny

Hey Scott.

Panels must be configured to doors at specific sites. You cannot just randomly swap panels. Is that the risk you're concerned with?

Agree
Disagree
Informative
Unhelpful
Funny

Thanks for the additional... and absolutely great article btw...

I'm looking at it from a "networking enabled device with Ethernet" and cybersecurity perspective. I will admit I don't what is in place that :locks: the panel to a door at a site, I just see an Ethernet jack that can be swapped out and another device connected to it.

It would be interesting if you did a network trace/dump (e.g. wireshark) analysis on the panel to the network... initial questions are ... is it verified encrypted traffic to the cloud (like TLSv1.2 or greater)... does the cloud app MUTUALLY authenticate (using certs at the TLS level) to the panel itself, what about network scans, backdoors, Denial of Service opportunites. The physical stuff (wires, strikes, tamper switches) is 1/2 the story...the more dangerous stuff is all the logical networking where you cant see & touch.

The fact that you popped the door strike with a battery is straight out of the movies!

Agree
Disagree
Informative
Unhelpful
Funny
Subscribe to IPVM Research to read the full report.
Why do I need to subscribe?
The IPVM Research Service includes products tests and shootouts plus competitive and financial analysis, helping decision-makers better evaluate purchasing, partnering, developing, and/or competing against companies in physical security.
Already have an account?
Loading Related Reports