This looks like the cousin of my Alexa Fire Stick Remote.
Nortek Mobile Access Reader BluePass Examined
Nortek's Linear access control division claims to make mobile credentials "more secure and easier to use than ever before" with their BluePass reader.
However, the company's approach potentially exposes significant security vulnerabilities. Inside we examine:
- BluePass Readers & Credentials Key Claims
- Linear System Pricing
- Potential Wiegand/125 kHz Weakness
- Compared to HID Origo Mobile & Openpath Readers
- Partnership with Unikey
Product ********
******/******'* ******** ****** ******** ***-****** *******, allowing ****** ***** ** ******* ***** or ******* *********** ** ******** *********** via ********* *** ****** (***).
*** ***** ***** ** *** ************'* overview:
*** ********:
- **** ********** ******: ******** ***** **** ***-***** *** or ******** **-***/**-*** *** *** ***********.
- ***** *******: **** ***** *** ******* (*.*.: ********), ***** *** **** ** ********* phone ** ***** ****** *** ****** 'touch' *** ****** ** ****** *** door.
- ***** **** **** ****** *******: *** **** ******** ** * controller *** ******* *** **** ******* data *******, ** ******** *** ** retrofit **** **** ******** ******* ** swapping *** ******.
Key ***** ******* / ************
*** ******** ****** ****** **** **** a ****** ** ******* ******** ** relative ************, *********:
- ******* ****: * ******* ************* ** ******** credential **** ****** ******* ******** **** not *** ********* ************** **** ****.
- **-*** ** **-*** ****: ** ******* *** ***** ****** or ***** ********** *******, ******** ****** a ****** ** ******* ****** *** doors ******* ** *** ******.
- ****** ****** *****: ****** ****** **** *******, **** PIN *** ******** ****** ** ****** range ****-***** ***** *** *** *********.
- ***-********** ********** ******: *** ************** ********, * *** portal **** ** **** ******** **** the ****** ****** ******, ******* ***** to ****** *** **** **** ******** times.
BluePass ****** *******
****** ****** *** ******** ******* *** ~$250, ********* **** **** ******** *** alarm ************ *** ****** *********.
Credential *******
****** *** ********** ****** ****** ***** between $*.** - $*.** **** ** a ***-**** ********, ********* ** *** volumes *********. ******** **** * - 100 *********** *** *********.
** ********* ****** ** ********** **** is **** **** **** ****** **** have * ******** ********** ******** ** it, ********** ** ** ******* ** be ****** ** *** **** ********** to *** ****** ******.
************, *********** *** *** ************ *** are ****** ** ******** *******. **** cannot ** '******' *** *********** ***** visitors ** ******** **** **** ******* are ******** ** ********, *** *** BluePass *********** **** ** *********.
********** With ******** *** *** ***********
*** ** *** **** *********** ******* is ******** *** ****** **** ***** of ******** ****** *********** ** **** enrollment *** ** **** ******* **-*********** existing ****** *******.
******** ****** ** *** ****** ******** 26 *** ** ** *** *********** and ****** ****** ****** ** ****** that ***** ***** *******. ***** ******** to **** ***** *** ********** *****, they *** *** ** *** **** common *** ******* ****** *********** ** use. ***** **** ****** ********* ** advanced ******* ****** ** ****, **-***/**-*** credentials ****** *******, **** ****** **% ** *********** ***** ******* *** **** '**** *******' and **** ******** ******* ***** ***** them.
****** ****** *** ****** ******* ******** uploading * .*** **** **** ******** card *******, *****, *** ***** ********* to ***** *** ******, *** **** those ******* *** **** ********* **** BluePass ****** **** *** ************ ** users **** ***** ******.
Single ***** ****
*******, ***** ******** *********** *********** ***** be ******, *** ******** ****** **** comes ** * ******, ******* *****, short (******** **********) **** ***** ***** *** may *** ** ******** *** ***** door ** ****** ***********. ******'* **** BLE/125 *** ****** **** **** ******-**** boxes **** ** ******** *******.
*** ****** ****** ** ** **** and **** *-***** ***** @ ***** typical ** **** ***** *** *** be ******* ** ********** ******* **** *********** ******* ******* ********** ***** ******** ** new *******.
*** ***** ******* ***********, *** **** also ***** ******* *** *** ***** or ****.
** ****, *******, *** ******** ****** *** no ****** (** *** *******), *** the **** ***** *** ******** *** kHz ** ****** ******, *** ************ with ******** ***** (*.*.: ******* *******), only *** ******-***** *** *********** *** reach.
*************, ****** ***** *** '*** *** cannot ** ********' ** *** ***, potentially ******* ******* ********** ** ******* detailed ** **** **** ****** ******* **** **** $30 *** ****** **** ******:
BLE *****
*** ******'* *** *********** **** ** manually ******** ***, **** ****** ***** may ************* ****** ******** ** ****** users.
*********** **** *************:
** *** ******’* ********* ********* ******** is *** *** ****,
** *** ************* **** **** ** employee’s ****** ******
*** ***** ************ ***** **** *** building ****** **
******* * **** ****, ** ********, the ******.
** ****** ***** ***-*** *******, ** additional ************* **** ** ****** *** BluePass **** ********* ** ******** **** risk.
Wiegand *****
******* *** **** ** **** **** is *** ********* ** ********, **** Wiegand, *** ************** **** ******* *** unit *** **** *********** *** ** intercepted.
*** **** ** ********** ** '*** in *** ******' ******** ***$** ****** ** ******* ******* **** **** ** ********** ********* and ****** ** *** ***** ** reader *****:
******** ***** *** **** **** ******* by ******** * ****** ****** ** sensor ** *** ******, ** ********** such * ****** ***** *********** ** undetected ** *** ******.
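To make the Wiegand weakness concrete, the following is an added example (not from the article and not Nortek's code) that decodes a standard 26-bit Wiegand frame as it appears on the reader-to-controller wire and rebuilds it for replay. Wiegand carries the credential as bare pulses on two lines (DATA0 and DATA1) with no encryption or authentication, so anything tapping those lines sees the facility code and card number in the clear. The pulse representation, the line names, and the facility/card values below are constructed for illustration.

```python
"""Added example: 26-bit Wiegand frame capture, decode, and replay.

Frame layout (standard 26-bit format):
  bit 1      even parity over bits 1..13
  bits 2-9   8-bit facility code
  bits 10-25 16-bit card number
  bit 26     odd parity over bits 14..26

Nothing in the frame is secret or authenticated; parity only catches
accidental bit errors, not a deliberate replay.
"""
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Wiegand26:
    facility: int  # 8-bit facility code
    card: int      # 16-bit card number


def bits_from_pulses(pulses: List[str]) -> str:
    """Turn a sequence of line pulses into a bit string.

    A pulse on DATA0 ("D0") is a 0 bit, a pulse on DATA1 ("D1") is a 1 bit.
    A tap on the two wires records exactly this sequence.
    """
    mapping = {"D0": "0", "D1": "1"}
    try:
        return "".join(mapping[p] for p in pulses)
    except KeyError as exc:
        raise ValueError(f"unknown line {exc}") from None


def _ones(bits: str) -> int:
    return bits.count("1")


def encode_wiegand26(facility: int, card: int) -> str:
    """Build a 26-bit frame from a facility code and card number."""
    if not 0 <= facility < 256 or not 0 <= card < 65536:
        raise ValueError("facility must fit in 8 bits, card in 16 bits")
    payload = f"{facility:08b}{card:016b}"
    even = str(_ones(payload[:12]) % 2)       # makes bits 1..13 even
    odd = str(1 - _ones(payload[12:]) % 2)    # makes bits 14..26 odd
    return even + payload + odd


def decode_wiegand26(bits: str) -> Wiegand26:
    """Parse a 26-bit frame, rejecting bad length or parity."""
    if len(bits) != 26 or set(bits) - {"0", "1"}:
        raise ValueError("expected 26 bits of 0/1")
    if _ones(bits[:13]) % 2 != 0:
        raise ValueError("leading even-parity check failed")
    if _ones(bits[13:]) % 2 != 1:
        raise ValueError("trailing odd-parity check failed")
    return Wiegand26(facility=int(bits[1:9], 2), card=int(bits[9:25], 2))


# Constructed capture (an assumption for illustration): the pulse sequence a
# tap would record when a card with facility 55 and number 1234 is presented.
CAPTURED_PULSES = (
    "D1 D0 D0 D1 D1 D0 D1 D1 D1 D0 D0 D0 D0 "
    "D0 D1 D0 D0 D1 D1 D0 D1 D0 D0 D1 D0 D0"
).split()


def replay_demo() -> Wiegand26:
    """Show that the captured pulses alone reconstruct the credential.

    The attacker never needs the card or phone: re-sending these same pulses
    to the controller is indistinguishable from a genuine read.
    """
    frame = bits_from_pulses(CAPTURED_PULSES)
    return decode_wiegand26(frame)


if __name__ == "__main__":
    cred = replay_demo()
    print(f"recovered facility={cred.facility} card={cred.card}")
    print("frame to replay:", encode_wiegand26(cred.facility, cred.card))
```

The parity checks are the only integrity the format offers, and they are trivially satisfied by any correctly re-encoded frame, which is why a bidirectional, authenticated reader protocol such as OSDP Secure Channel, rather than Wiegand, is the practitioner's baseline for the reader-to-controller leg.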
Middleware ********** **********
******** ********** ********** ******** *** ********** **** *** ****** management ******** *** **** ****** * separate **** ** ****** *** ***** data *** **** *****.
***** ********* *** ***** *** ********* credentials ** ***-*****, *** ** *** trial ***********, **** ** *** ** does **** ** ***** **** ** required. *** ******* **** ******** ******** creating * ********** ****** ** *** access ****** *** **** ******* ********* record ** ******** ** ******'* ******.
************ **** ****** ** ******* ** their ********* ****** ****** ********** **** done ** *** ****** ******, *** in ***** ** ********** ****** ** turn-off * ****** **********, ** **** be **** ** *** *** ******.
Versus *** *****/****** ***********
*** **** ** ******** ** ****** to ** ****** **** *** ** used ** ***** ******* **** **** users **** ******** ****** ****** ********.
*** ******* ******** **** ****** ** mobile *********** *** ***-************ *** ****** be ******** ** **** **** *** device, ****** *** ********** ******* ** ***** ** '*** ****'. So ****** ********, ******** ******* *** be ****** ***** *** ***** *********** for * ****** ***** ** ***** $7 *** ****.
*******, **** ******, *** ****** ********** ** a ***-**** ******** **** *** ** used *** *** **** ** *** device ** *** ********, ***** *** is ** ****** ****.
Versus ********
**** ** *** **** '**** ******' features ********* ** ******* ********'* ******* are ******* ** ********, ********* *** 'Touch' ** **** ******* *** ************* with **** *** *** ******* *******.
******, ******** ********* **** ** *** 125 *** *** ******* ************ **** BluePass *** ** ********** **** **.** MHz ******* *** ********** **** **** the ****** ** **********.
** ***** ** *** ******** ****, **** ******'* *********** *******, *** ********* ****** ** ~$*** each, *** *** ***** *** *********.
**** ********, ***** ** ** ****** credential ******** ********. *******, ****** ******, Openpath ******* **** **** **** ******** controllers *** *** ****** ****** **** be **** *** * ******* *** purchased ******* *** *********** ** ** valid.
Versus ******** *** *** *******
******** ** *** ***** ** '***-***' 125 *** *******, ******'* **** ** quite ****. **** *** ******* *** HID **** ******** **** **** ******* ~$130 ****** ** ******'* ~$*** *****:
***** **** *******, ********'* *** *** compatibility ***** ***** *** '******' ********* credentials, *** ** ******* *** ********* using ***** ******** *********** ****** **** mobile, **** ****** *** *** ******* are ******** *********.
UniKey *****
**** ********, ****** ** ******* ** significant ******** *********** *** *** ****** platform. *************, **** ******* ** **** of * *********** **** '****** ***********' developer******:
** ***** ** ********* ***********, **** ******* *** ********* *** 'mobile ***********' ***** *** **** ******** from ****** **** ******* (*** *** **** **** ****), ****, ****, *** *********.
This could be an interesting product. A few things:
Why don't they use a twist motion of the smartphone to open the door? That issue of people passing by and opening a door is a flaw in the design in my opinion.
The price of the credentials is a strange decision. One gets PROX at approximately the same price ... or much less.
What is that issue to use a web something to configure the system? Integration with an existing system becomes quite bothersome with increasing probability of mistakes...
There will be more of those BLE products on the ACS market. This is an early entrance, not polished yet IMO. We'll wait and see.
Why don't they use a twist motion of the smartphone to open the door?
Because HID has a patent on that. HID Global Opens Door to New Era of Security and Convenience with HID Mobile Access:
The solution also makes it possible for users to unlock doors and open gates from a distance using the company’s patented “Twist and Go” gesture technology. [emphasis added]
That's my guess. I am curious if HID licenses it out? Brian can you check?
Like John mentions, the 'twist' gesture activation is an HID patent: HID 'Twist and Go' Access Control.
Incidentally, Nortek and non-HID partners in general market the fact no gesture is needed as a feature, not a drawback. They typically tout opening doors while keeping your phone in your pocket for hands-free access.
However, your point of accidental unlocks and potential intrusion is a risk that will likely exclude it from high-security deployments.
I'll ask HID for details on licensing the gesture.
What some of the manufacturers are doing is using the technology built into your smartphone. Your phone can learn how you walk, your "Gait", so when you walk up to the door the app knows it is you. Lenel BlueDiamond does this with their latest version and works very well. You can also setup the path you most commonly take when arriving at work everyday so it will only unlock those doors applicable.
Bluetooth readers are still a ways off IMO but are getting better everyday, especially when using built in technology that already exists on the phone instead of reinventing the wheel.
Can IPVM procure RBH Blueline for comparison?:
Blueline - Bluetooth and NFC Readers
http://www.rbh-access.com/products/blueline
Am I correct that Blueline is proprietary/ only functions with RBH Access?
I don't think so, but I am sure RBH would answer that. It was demoed to me and am fairly certain that was one of my main questions to them at the time.
Great report :) Nortek lost me at 125kHz and no OSDP. The credential of the future will be a mobile phone but it won't be this Nortek reader for my clients.
rbl
Hi
ISONAS seems to have that gesture on their RC-01 and RC-1 readers ... Perhaps they use HID sensors ... Haven't tried it yet.
Identiv is reselling BluePass as MobilisID: