A penetration tester is tasked with assessing the security of smart locks at a facility. These locks use a short-range wireless communication protocol often found in IoT devices. Which approach is MOST effective for gathering information that could facilitate unauthorized access?
Attempt to pair with the lock using a brute-force method to guess the key.
Directly sniff ongoing traffic in hopes of intercepting sensitive data exchanges.
Engage in passive eavesdropping to analyze communication patterns and intercept cryptographic keys.
Employ a replay strategy with intercepted messages to gain unauthorized entry.