Nortek Mobile Access Reader BluePass Examined

By: Brian Rhodes, Published on Feb 12, 2019

Nortek's Linear access control division claims to make mobile credentials "more secure and easier to use than ever before" with their BluePass reader.

However, the company's approach potentially uncovers big security vulnerabilities. Inside we examine:

  • BluePass Readers & Credentials Key Claims
  • Linear System Pricing
  • Potential Wiegand/125 kHz Weakness
  • Compared to HID Origo Mobile & Openpath Readers
  • Partnership with Unikey

******'* ************ ******* ******** ****** to **** ****** *********** "more ****** *** ****** to *** **** **** before" **** ************* ******.

*******, *** *******'* ******** potentially ******** *** ******** vulnerabilities. ****** ** *******:

  • ******** ******* & *********** Key ******
  • ****** ****** *******
  • ********* *******/*** *** ********
  • ******** ** *** ***** Mobile & ******** *******
  • *********** **** ******

[***************]

Product ********

******/******'* ******** ****** ******** non-mobile *******, ******** ****** users ** ******* ***** or ******* *********** ** transmit *********** *** ********* Low ****** (***).

*** ***** ***** ** the ************'* ********:

*** ********:

  • **** ********** ******: ******** ***** **** app-based *** ** ******** 26-bit/37-bit *** *** ***********.
  • ***** *******: **** ***** *** readers (*.*.: ********), ***** *** **** an ********* ***** ** their ****** *** ****** 'touch' *** ****** ** unlock *** ****.
  • ***** **** **** ****** Systems: *** **** ******** to * ********** *** Wiegand *** **** ******* data *******, ** ******** can ** ******** **** most ******** ******* ** swapping *** ******.

Key ***** ******* / ************

*** ******** ****** ****** does **** * ****** of ******* ******** ** relative ************, *********:

  • ******* ****: * ******* ************* in ******** ********** **** exists ******* ******** **** not *** ********* ************** like ****.
  • **-*** ** **-*** ****: ** ******* *** using ****** ** ***** credential *******, ******** ****** a ****** ** ******* format *** ***** ******* by *** ******.
  • ****** ****** *****: ****** ****** **** factors, **** *** *** equipped ****** ** ****** range ****-***** ***** *** not *********.
  • ***-********** ********** ******: *** ************** ********, a *** ****** **** be **** ******** **** the ****** ****** ******, causing ***** ** ****** the **** **** ******** times.

BluePass ****** *******

****** ****** *** ******** readers *** ~$***, ********* from **** ******** *** alarm ************ *** ****** resellers.

Credential *******

****** *** ********** ****** tokens ***** ******* $*.** - $*.** **** ** a ***-**** ********, ********* on *** ******* *********. Packages **** * - 100 *********** *** *********.

** ********* ****** ** credential **** ** **** each **** ****** **** have * ******** ********** assigned ** **, ********** if ** ******* ** be ****** ** *** same ********** ** *** access ******.

************, *********** *** *** transferable *** *** ****** to ******** *******. **** cannot ** '******' *** circulation ***** ******** ** reissued **** **** ******* are ******** ** ********, and *** ******** *********** must ** *********.

********** With ******** *** *** ***********

*** ** *** **** interesting ******* ** ******** can ****** **** ***** of ******** ****** *********** so **** ********** *** be **** ******* **-*********** existing ****** *******.

******** ****** ** *** import ******** ** *** or ** *** *********** and ****** ****** ****** to ****** **** ***** those *******. ***** ******** to **** ***** *** credential *****, **** *** two ** *** **** common *** ******* ****** credentials ** ***. ***** more ****** ********* ** advanced ******* ****** ** used, **-***/**-*** *********** ****** popular, **** ****** **% ** *********** ***** ******* *** **** 'Most *******' *** **** existing ******* ***** ***** them.

****** ****** *** ****** process ******** ********* * .csv **** **** ******** card *******, *****, *** email ********* ** ***** web ******, *** **** those ******* *** **** converted **** ******** ****** that *** ************ ** users **** ***** ******.

Single ***** ****

*******, ***** ******** *********** information ***** ** ******, the ******** ****** **** comes ** * ******, mullion *****, ***** (******** credential) **** ***** ***** *** may *** ** ******** for ***** **** ** reader ***********. ******'* **** BLE/125 *** ****** **** into ******-**** ***** **** an ******** *******.

*** ****** ****** ** be **** *** **** 5-16VDC ***** @ ***** typical ** **** ***** and *** ** ******* by ********** ******* **** *********** ******* ******* ********** ***** supplies ** *** *******.

*** ***** ******* ***********, the **** **** ***** generic *** *** ***** or ****.

** ****, *******, *** ******** reader *** ** ****** (No *** *******), *** the **** ***** *** standard *** *** ** within ******, *** ************ with ******** ***** (*.*.: Parking *******), **** *** mobile-based *** *********** *** reach.

*************, ****** ***** *** '125 *** ****** ** disabled' ** *** ***, potentially ******* ******* ********** to ******* ******** ** **** **** ****** ******* With **** $** *** 125kHz **** ******:

BLE *****

*** ******'* *** *********** must ** ******** ******** too, **** ****** ***** may ************* ****** ******** by ****** *****.

*********** **** *************:

** *** ******’* ********* reception ******** ** *** too ****,
** *** ************* **** with ** ********’* ****** device
*** ***** ************ ***** into *** ******** ****** by
******* * **** ****, or ********, *** ******.

** ****** ***** ***-*** readers, ** ********** ************* step ** ****** *** BluePass **** ********* ** minimize **** ****.

Wiegand *****

******* *** **** ** that **** ** *** supported ** ********, **** Wiegand, *** ************** **** between *** **** *** door *********** *** ** intercepted.

*** **** ** ********** to '*** ** *** middle' ******** ***$** ****** ** ******* ******* **** **** ** physically ********* *** ****** in *** ***** ** reader *****:

******** ***** *** **** even ******* ** ******** a ****** ****** ** sensor ** *** ******, so ********** **** * device ***** *********** ** undetected ** *** ******.

Middleware ********** **********

******** ********** ********** ******** *** ********** **** the ****** ********** ******** and **** ****** * separate **** ** ****** and ***** **** *** most *****.

***** ********* *** ***** and ********* *********** ** web-based, *** ** *** trial ***********, **** ** use ** **** **** an ***** **** ** required. *** ******* **** BluePass ******** ******** * credential ****** ** *** access ****** *** **** another ********* ****** ** required ** ******'* ******.

************ **** ****** ** changes ** ***** ********* should ****** ********** **** done ** *** ****** system, *** ** ***** to ********** ****** ** turn-off * ****** **********, it **** ** **** in *** *** ******.

Versus *** *****/****** ***********

*** **** ** ******** is ****** ** ** higher **** *** ** used ** ***** ******* with **** ***** **** frequent ****** ****** ********.

*** ******* ******** **** Nortek ** ****** *********** are ***-************ *** ****** be ******** ** **** than *** ******, ****** *** ********** ******* ** ***** ** 'per ****'. ** ****** BluePass, ******** ******* *** be ****** ***** *** Origo *********** *** * single ***** ** ***** $7 *** ****.

*******, **** ******, *** mobile credential ** * ***-**** purchase **** *** ** used *** *** **** of *** ****** ** was ********, ***** *** is ** ****** ****.

Versus ********

**** ** *** **** 'cool ******' ******** ********* in ******* ********'* ******* are ******* ** ********, including *** '*****' ** open ******* *** ************* with **** *** *** Android *******.

******, ******** ********* **** of *** *** *** and ******* ************ **** BluePass *** ** ********** only **.** *** ******* and ********** **** **** the ****** ** **********.

** ***** ** *** ******** ****, **** ******'* *********** *******, *** ********* ****** at ~$*** ****, *** two ***** *** *********.

**** ********, ***** ** no ****** ********** ******** required. *******, ****** ******, Openpath ******* **** **** with ******** *********** *** the ****** ****** **** be **** *** * service *** ********* ******* for *********** ** ** valid.

Versus ******** *** *** *******

******** ** *** ***** of '***-***' *** *** readers, ******'* **** ** quite ****. **** *** example *** *** **** Midrange **** **** ******* ~$130 ****** ** ******'* ~$250 *****:

***** **** *******, ********'* 125 *** ************* ***** sense *** '******' ********* credentials, *** ** ******* are ********* ***** ***** physical *********** ****** **** mobile, **** ****** *** kHz ******* *** ******** available.

UniKey *****

**** ********, ****** ** relying ** *********** ******** development *** *** ****** platform. *************, **** ******* is **** ** * partnership **** '****** ***********' developer******:

** ***** ** ********* ***********, **** ******* *** developed *** '****** ***********' piece *** **** ******** from ****** **** ******* (see *** **** **** ****), ****, ****, *** Honeywell.

Comments (10)

**** ***** **** *** cousin ** ** ***** Fire ***** ******.

**** ***** ** ** interesting *******. * *** things:

*** ***'* **** *** a ***** ****** ** the ********** ** **** the ****? **** ***** of ****** ******* ** and ******* * **** is * **** ** the ****** ** ** opinion.

*** ***** ** *** credentials ** * ******* decision. *** **** **** at ************* *** **** price ... ** **** lesss

**** ** **** ***** to *** * *** something ** ********* *** system. *********** **** ** existing ****** ******* ***** bothersome **** ********** *********** of ********...

***** **** ** **** of ***** *** ******** on *** *** ******. This ** ** ***** entrance , *** ******** yet ***. **'** **** and ***.

*** ***'* **** *** a ***** ****** ** the ********** ** **** the ****?

******* *** *** * patent ** ****.*** ****** ***** **** to *** *** ** Security *** *********** **** HID ****** ******:

*** ******** **** ***** it ******** *** ***** to ****** ***** *** open ***** **** * distance ***** ***company’s ******** “***** *** **” ******* technology.  [emphasis added]

****'* ** *****. * am ******* ** *** licenses ** ***? ***** can *** *****?

**** **** ********, *** 'twist' ******* ********** ** an *** ******: *** '***** *** **' Access *******.

************, ****** *** ***-*** partners ** ******* ****** the **** ** ******* is ****** ** * feature, *** * ********.  They ********* **** ******* doors ***** ******* **** phone ** **** ****** for *****-**** ******. 

*******, **** ***** ** accidental ******* *** ********* intrusion ** * **** will ****** ******* ** from ****-******** ***********. 

*'** *** *** *** details ** ********* *** gesture.

**** **** ** *** manufacturers *** ***** ** using *** ********** ***** into **** **********. **** phone *** ***** *** you ****, **** "****", so **** *** **** up ** *** **** the *** ***** ** is ***. ***** *********** does **** **** ***** latest ******* *** ***** very ****. *** *** also ***** *** **** you **** ******** **** when ******** ** **** everyday ** ** **** only ****** ***** ***** applicable.

********* ******* *** ***** a **** *** *** but *** ******* ****** everyday, ********** **** ***** built ** ********** **** already ****** ** *** phone ******* ** *********** the *****.

*** **** ******* *** Blueline *** **********?:

******** - ********* *** NFC *******

****://***.***-******.***/********/********

** * ******* **** Blueline ** ***********/ **** functions **** *** ******?

* ***'* ***** **, but * ** **** RBH ***** ****** ****. It *** ****** ** me *** ** ****** certain **** *** *** of ** **** ********* to **** ** *** time.

***** ****** :) ****** lost ** ** ****** and ** ****. *** credential ** *** ****** will ** * ****** phone *** ** ***'* be **** ****** ****** for ** *******. 

***

**

****** ***** ** **** that ******* ** ***** RC-01 *** **-* ******* ... ******* **** *** HID ******* ... *****'* tried ** ***.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Proxy Access Control Tested on May 09, 2019
Silicon Valley Access Startup Proxy raised $13.6 Million in May 2019, focusing on mobile physical access control. Beyond the fund raising, Proxy...
OSDP Access Control Guide on Jun 04, 2019
Access control readers and controllers need to communicate. While Wiegand has been the de facto standard for decades, OSDP aims to solve major...
Farpointe Data Conekt Mobile Access Reader Tested on Jun 13, 2019
California based Farpointe Data has been a significant OEM supplier of conventional access readers for years to companies including DMP, RS2, DSX,...
HID Mobile Tested on Jun 21, 2019
HID Global is one of the largest access brands, but their mobile access has had challenges. Indeed, the company has already restructured their...
Nortek Blue Pass Mobile Access Reader Tested on Jul 11, 2019
Nortek claims BluePass mobile readers are a 'more secure and easy to use approach to access', but our testing uncovered security problems and...
Mobile Access Control Shootout - Farpointe, HID, Openpath, Nortek, Proxy on Jul 29, 2019
One of the biggest rising trends in access control is using phones as credentials but which offering is best? IPVM has tested five of the...
Mobile Access Control Guide on Aug 28, 2019
One of the biggest trends in access for the last few years has been the marriage of mobile phones and access cards. But how does this...
Fingerprints for Access Control Guide on Sep 09, 2019
Users can lose badges, but they never misplace a finger, right? The most common biometric used in access are fingerprints, and it has become one...
Open Access Controller Guide (Axis, HID, Isonas, Mercury) on Sep 19, 2019
In the access control market, there are many software platforms, but only a few companies that make non-proprietary door controllers. Recently,...
Directory of Access Reader Manufacturers on Nov 27, 2019
Credential Readers are one of the most visible and noticeable parts of access systems, but installers often stick with only the brand they always...

Most Recent Industry Reports

Every VMS Will Become a VSaaS on Feb 21, 2020
VMS is ending. Soon every VMS will be a VSaaS. Competitive dynamics will be redrawn. What does this mean? VMS Historically...
Video Surveillance 101 Course - Last Chance on Feb 20, 2020
This is the last chance to join IPVM's first Video Surveillance 101 course, designed to help those new to the industry to quickly understand the...
Vulnerability Directory For Access Credentials on Feb 20, 2020
Knowing which access credentials are insecure can be difficult to see, especially because most look and feel the same. Even insecure 125 kHz...
AI/Smart Camera Tutorial on Feb 20, 2020
Cameras with video analytics, sometimes called 'Smart' camera or 'AI' cameras, etc. are one of the most promising growth areas of video...
China Manufacturer Suffers Coronavirus Scare on Feb 20, 2020
Uniview suffered a significant health scare last week after one of its employees reported a fever and initially tested positive for coronavirus....
Cheap Camera Problems at Night on Feb 19, 2020
Cheap cameras generally have problems at night, despite the common perception that integrated IR makes cameras mostly the same, according to new...
Milestone Launches Multiple Cloud Solutions on Feb 18, 2020
Milestone is going to the cloud, becoming one of the last prominent VMSes to do so. Milestone is clearly late but how competitive do these new...
Video Surveillance Architecture 101 on Feb 18, 2020
Video surveillance can be designed and deployed in a number of ways. This 101 examines the most common options and architectures used in...
UK Stands Behind Hikvision But Controversy Continues on Feb 18, 2020
Hikvision is exhibiting at a UK government conference for law enforcement, provoking controversy from the press, politicians, and activists due to...
IronYun AI Analytics Tested on Feb 17, 2020
Taiwan startup IronYun has raised tens of millions for its "mission to be the leading Artificial Intelligence, big data video software as a service...