I hacked my washing machine

https://nexy.blog/2025/07/27/how-i-hacked-my-washing-machine/

93•JadedBlueEyes•3h ago

Comments

bblou•3h ago

I'm surprised you let your washing machine into your network. I now get the appeal of just an alert the washing machine is done. But I could not for the life of me allow any of these kinds of devices onto my home network. Even in isolation...

stavros•2h ago

Why wouldn't you allow it in isolation?

yjftsjthsd-h•2h ago

How isolated are we talking? A device that only has access to the internet can still get botnetted and send malicious traffic from your IP. Or burn your data cap, or spy on you for the vendor.

stavros•2h ago

But the comment said "I wouldn't allow it on my local network", not "I wouldn't allow it on the Internet".

aspenmayer•1h ago

LAN is being used in an under specified way. To my reading, a separate VLAN or standalone LAN for the washing machine wouldn’t be on “my (main/primary LAN is assumed here) local network” if I mean that “my local network” doesn’t have untrusted devices on it. I tend to read these kinds of comments with a bit of wiggle room because sometimes folks disagree about if VLANs are actually isolated enough to consider them separate local networks, as the same device may do routing and firewall or VLAN tagging, so there is isolation in principle, but bad actors can’t be expected to comply with network security policies.

I guess I can see how each of you could be right to their own reading.

stavros•1h ago

I agree otherwise, but they said "even in isolation", which removes the ambiguity.

wrboyce•1h ago

For untrusted IoT devices I’ve found that sticking them on the IoT VLAN (so no device-to-device communication, and either no or extremely limited internet access; but I let my trusted clients punch through to IoT devices) has allowed me to retain all functionality whilst being confident they’re not up to anything I don’t want or expect.

neoden•2h ago

Why?

doubleg72•2h ago

It's fairly simple to keep these devices isolated and if you have a decent firewall, you shouldn't have much to worry about. Keeping them in a separate, internet-only VLAN with peer to peer isolation is typically the standard protocol. That said, in a lot of cases, even keeping the isolated doesn't resolve any privacy concerns. Also, with some devices, you have to open up mDNS.

EspadaV9•2h ago

My dryer doesn't have a delay function accessable via the front panel, it's been "app gated", and the only way the app can talk to it is via WiFi, so if I ever need to set a delay, I have to use the app. All IoT devices are on their own VLAN though, and where possible firewalled off too. I can easily imagine more features being locked behind the app for future models.

j45•2h ago

Creating an IoT wifi that is one way is reasonably possible.

Someone shared this pdf written by someone that had a nice overview that is transferable to any router.

https://github.com/mjp66/Ubiquiti

timedout_uk•1h ago

Hey, blog author here. It only had access to the internet for a brief second, and even then it was on an entirely separate network because of how I just set up my openwrt router as a client to the main network. Our guest network is completely isolated, an explicit firewall rule had to be added so that my script could communicate with the washer while it's on this network. It has no access to anything but itself, and occasionally hears the screams of my script demanding it serves up data.

It has access to nothing, only my script has access to it - I don't see a risk here. I still have the heebie jeebies knowing it's connected to anything at all, or even the fact that it can do that, but also spending a night hacking a washing machine was incredibly funny to me and totally worth it. Plus, got some useful notifications out of it.

madaxe_again•2h ago

Respect, but this is kinda the hard way - I just plugged mine (dumb machine, not smart) in via an energy metering plug, and when energy use drops to less than 10W for more than 2 minutes, it’s done - very simple homeassistant automation. Convenient for me as the machine is 500m from the house.

bombcar•2h ago

Now I want to know why your washing machine is half a kilometer from your house.

snickerdoodle12•1h ago

Seriously, me too. I also want to know how they transport the laundry to/from the machine. I'm hoping for a conveyor belt of sorts.

XorNot•2h ago

Yeah this is my approach too. Though I need to revisit the thresholding.

qwertox•1h ago

I do the same,works great. I liked it so much that im doing the same with my microwave, after removing the annoying beeper it had. Now i get a decent single short beep and can monitor how often I've used it.

IncreasePosts•1h ago

Couldn't you just set a timer for 45 minutes, or whatever? Is there that much variance in load times?

pfych•48m ago

Some washing machines (mine at least) have some "smart" features that adjust the wash time depending on some factors. Nothing more annoying than coming to the laundry after my phone alarm goes off, and seeing the timer on my washing machine go UP(!!!) from 0:01 to 0:02 ...

maxerickson•7m ago

Eliminating any unneeded manual steps adds reliability. The load done thing goes off when the load is done, you don't forget to start it.

Smart plugs are cheap enough where it doesn't take a lot of convenience to justify it.

JadedBlueEyes•1h ago

Nex is a cybersecurity student in a house of similar people, they're gonna take every way :3

quote:

> The plan is, in future, since we can't hack something that doesn't have a brain, to instead attach a brain to it. The dishwasher is easy, we can just whack that on a smart plug and monitor when the power use surges and drops. The dryer is a bit more difficult, since they pull a LOT of power, and smart plugs typically either don't support that much power, or are incredibly expensive. So that's likely going to be some fancy vibration sensor-based thingy

drng•47m ago

Vibration sensor is exactly what I did, for exactly that reason. Zigbee sensor + home assistant and a little bit of timer logic to manage the state

dmd•1h ago

This is what I do - when the washer finishes, a light turns on in the kitchen letting us know. Then, when the dryer has drawn power for 10 seconds, the light turns back off, because that’s a good indication that someone dealt with the wet laundry. (Sometimes things get out of sync but not often!)

gausswho•2h ago

This is what Hacker News posts should be.

GuB-42•51m ago

If you like these kind of posts, maybe you should go to https://hackaday.com/ it is all articles like this every day, though usually more on the hardware side.

Here is one in the same vein: https://hackaday.com/2023/04/15/internet-of-washing-machines... => https://tratt.net/laurie/blog/2023/displaying_my_washing_mac...

bilinguliar•1h ago

I suggest pushing washing machine metrics to Prometheus, it just asks for it.

carlhjerpe•1h ago

Practical engineer in me screams: SIMPLIFY, SIMPLIFY, SIMPLIFY.

Just plug the washing machine into a smartplug and alert when power draw drops to idle for more than X minutes.

timedout_uk•1h ago

but where's the fun in that :P

carlhjerpe•1h ago

True, we all find enjoyment in different things

m463•45m ago

The fun is that you can reuse the setup for a japanese toilet, monitor energy use and use the data to play applause sounds in the bathroom after use.

pavel_lishin•1h ago

Our previous washing machine had a mechanical rotating switch, sort of like an egg timer, built into it. I seriously thought about just gluing a pair of metal bits onto it to make a physical connection when it was done, which would either do something clever like trigger a RasPi into sending me a text, or something stupid like physically triggering a doorbell chime.

thehappypm•51m ago

My washing machine also makes a stupid chime melody thing. A microphone that listens for it would also be a simple way to do it.

carlhjerpe•48m ago

I would go for the "monitor a number" before "sound recognition", unless you're talking about just using an amplifier to bring the chime into the entire house.

thfuran•5m ago

I'd dump cut the mic and wire it to some input before actually trying to check for the sound. But it's probably inconvenient to get to and monitoring overall power draw would be easy.

imglorp•48m ago

Or a current sensing transformer around its power cord.

russdill•43m ago

Can confirm this is super easy. It has the additional advantage of monitoring power usage and it allows you to cut power if the leak sensor under it goes off

pentamassiv•1h ago

Unless you are using a rooted Android, putting your own certificates on your phone is annoying. They need to be in the system certificate store which is, as far as I know, only possible with a Magisk module.

An easier way is to run an Android virtual device with an older Android version on your computer. You can then use some scripts to add the certificates and proxy the traffic to Burpsuite or mitmproxy. That way you also don't have to switch devices.

It would also be interesting to use APKLab or Jadx to look at the code of the app. Maybe you can find the key derivation algorithm. The app and the washing machine must somehow generate keys or have pre-shared secrets.

If I understand correctly, the app only works if both devices are in the same network? I like that

laurencei•1h ago

I did something with my Bosch washing machine (not like the OP). My washing machine is at the other end of the house from my home office. Sometimes I would put a load of washing on, and despite setting an alarm, might forget (perhaps I am in an important meeting etc).

So I decided to solve it.

Using the Bosch API - I can tell both when a cycle is complete, and if the door is open. Currently I use their default version, but there is a local hosted option I'll be switching too now the proof of concept works.

So using Home Assistant I have a simple script that detects when a washing machine cycle is complete AND the door has NOT been opened. This implies my washing machine has wet clothes still in it.

So Home Assistant will alert my phone (and my wife only if she is home based upon presence detection) once every 15mins that there are wet clothes waiting in the washing machine.

Very simple - works perfectly.

05•32m ago

Yeah I tried to use the builtin sensor on my LG one but it turns out, there's no 'door open' sensor per se, only the 'locked successfully' signal. So I had to add an external Zigbee reed switch door sensor..

firesteelrain•47m ago

Assuming the only reason this works is because the washing machine and app don’t use TLS 1.2 and instead some homegrown Caesar cipher?

Otherwise, you would need some MitM style attack?

timedout_uk•36m ago

The washing machine doesn't use TLS at all and instead opts to just XOR data, explained later in the post.

firesteelrain•34m ago

I understand. I was saying how this could have been avoided by the manufacturer

The General Economics Theory of Enshittification

Deeper Theories of Program Design

Show HN: A WordPress MCP Server – Connect Claude Desktop to WordPress via AI

A poo dose a day may keep bipolar away

How Being Smart Can Ruin Your Life [video]

Ask HN: How do you handle audit logs in your systems?

Altman warns there's no legal confidentiality when using ChatGPT as a therapist

The UK Is Poised to Ban VPNs

Update Complete: U.S. Nuclear Weapons No Longer Need Floppy Disks

Show HN: Finch – a fingerprint-aware TLS reverse proxy

Top courtyards in New York City residential buildings

US markets defy doomsayers, draw record foreign inflows

The Silurian Hypothesis (2018)

Men Who Killed Google

Texts as Toys

ZUSE – The Modern IRC Chat for the Terminal Made in Go/Bubbletea

The Big Vitamin D Mistake

Make More Grayspaces

Show HN: I built a desktop reminder app using Rust and Vue.js

Enough AI Copilots, We Need AI HUDs

Ask HN: How do you build B2B software that pays living expenses?

Validated Patterns

Show HN: Investment Catalog

Percentage of one-person households, 1960 to 2018

Jelu: Self hosted read and to-read list book tracker

Placing Functions

Baltic Sea Anomaly

ADL – Agent Definition Language

Show HN: Vid2gif – Convert .mp4/.mov to optimized GIFs locally using FFmpeg

Chord/Harmony Finder App (In-Browser)