Second, I have never had a problem with a Ryobi tool, and I was interested in the PhoneWorks brand of "smart home improvement" tools they offered. Particularly, I have needed a remote camera and they offer one for about $79 that connects to your smart phone. I purchased one a few weeks ago and set out on home improvement.
What caught my eye was how the device actually connects to your smart phone. You need a Ryobi PhoneWorks app installed and this application will ask for access to your camera and your photos on the phone. I allowed it. Then, in reading the device instructions, I was to turn on the device then connect to the "PhoneWorksScope######" Wi-Fi access point. It appears that each handheld device generates its own hotspot with a unique hex suffix so that each device is different. The Wi-Fi access point is protected by WPA/PSK encryption, but the default password is "123456768".
After connecting, I decided to investigate the connection further. My iPhone showed an IP address of 192.168.0.20 with a default gateway of 192.168.0.1. It was obvious that I would turn on the laptop and connect to the same access point. The laptop was given an IP address of 192.168.0.21, so there is a DHCP service running.
Next, I pointed my browser on both the phone and the laptop to 192.168.0.1 and was prompted by a web server for a username and password. The logical choice is ADMIN and ADMIN, and it worked! Wireshark reported that it was the BOA 0.94 web server running a non-secure TCP HTTP connection on port 80. Wireshark also reported numerous UDP connection attempts from the device to the iPhone (192.168.0.20) across a range of ports.
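One way to triage a capture like the one described above, as an added example that is not part of the original post: it reads a field export from tshark and reports servers whose HTTP banner was readable in cleartext, plus hosts sending UDP to many distinct ports on one peer. The sample rows, the UDP port numbers, the banner string and the `min_ports` threshold are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

FIELDS = ["src", "dst", "tcp_srcport", "udp_dstport", "http_server"]

# Constructed sample rows (not from the author's capture), in the column order of
# tshark -r capture.pcap -T fields -E separator=, \
#   -e ip.src -e ip.dst -e tcp.srcport -e udp.dstport -e http.server
SAMPLE = """\
192.168.0.1,192.168.0.21,80,,Boa/0.94
192.168.0.1,192.168.0.20,,40000,
192.168.0.1,192.168.0.20,,40001,
192.168.0.1,192.168.0.20,,40002,
192.168.0.1,192.168.0.20,,40003,
192.168.0.1,192.168.0.20,,40003,
192.168.0.21,192.168.0.1,,53,
"""

def parse(text):
    """Turn the comma-separated tshark export into a list of dicts."""
    return list(csv.DictReader(io.StringIO(text), fieldnames=FIELDS))

def cleartext_http_servers(rows):
    """Hosts whose HTTP Server header was readable on the wire (no TLS)."""
    return {(r["src"], int(r["tcp_srcport"]), r["http_server"])
            for r in rows if r["http_server"] and r["tcp_srcport"]}

def udp_fanout(rows, min_ports=4):
    """Source/destination pairs where one host sends UDP to many distinct ports."""
    ports = defaultdict(set)
    for r in rows:
        if r["udp_dstport"]:
            ports[(r["src"], r["dst"])].add(int(r["udp_dstport"]))
    return {pair: sorted(p) for pair, p in ports.items() if len(p) >= min_ports}

if __name__ == "__main__":
    rows = parse(SAMPLE)
    for host, port, banner in sorted(cleartext_http_servers(rows)):
        print(f"cleartext HTTP: {host}:{port} banner={banner!r}")
    for (src, dst), p in udp_fanout(rows).items():
        print(f"UDP fan-out: {src} -> {dst} ports {p[0]}-{p[-1]} ({len(p)} distinct)")
```

Running the same functions over an export taken while the app is in the background shows whether the UDP traffic toward the phone continues when the app is not in active use.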
On the web server, I saw many Chinese characters and was able to understand them using the Line Chinese-English Dictionary at http://ce.linedict.com/dict.html, where you can draw a character to help you determine which character it represents. This was my first time using this site, but I will definitely bookmark it. They have a great product, and I highly recommend trying it.
The above image shows the second tab from the left-hand menu... the web server on the device was able to sniff local Wi-Fi access points and reported my home network on the list. I have NOT tried to connect yet and will set up a dummy network to see if the device will automatically connect to an open network or if the device can be connected to a protected network. I will also watch the packets to see if any information leaves the network for an outside web server.
I will have more later, but here are a few open questions:
1) With the application running on the phone and listening on ports, what information can be pulled from the phone even when you are not actively using the application?
2) Will an application running in the background allow UDP connections on those ports to gain access to photos on the phone?
3) With the device running as designed, can an attacker gain access to photos or information on the phone since the SSID and password are known and there is no authentication between the phone and the device?