I hacked my washing machine
53 comments
·July 27, 2025laurencei
05
Yeah I tried to use the builtin sensor on my LG one but it turns out, there's no 'door open' sensor per se, only the 'locked successfully' signal. So I had to add an external Zigbee reed switch door sensor..
gausswho
This is what Hacker News posts should be.
Biganon
YES. More actual hacking (as in tinkering), less LLM bullcrap that recently beat some metric I don't give a fuck about
llbbdd
lots of interesting LLM posts on HN
beached_whale
That's https://hackaday.com/ :)
pentamassiv
Unless you are using a rooted Android, putting your own certificates on your phone is annoying. They need to be in the system certificate store which is, as far as I know, only possible with a Magisk module.
An easier way is to run an Android virtual device with an older Android version on your computer. You can then use some scripts to add the certificates and proxy the traffic to Burpsuite or mitmproxy. That way you also don't have to switch devices.
It would also be interesting to use APKLab or Jadx to look at the code of the app. Maybe you can find the key derivation algorithm. The app and the washing machine must somehow generate keys or have pre-shared secrets.
If I understand correctly, the app only works if both devices are in the same network? I like that
bilinguliar
I suggest pushing washing machine metrics to Prometheus, it just asks for it.
madaxe_again
Respect, but this is kinda the hard way - I just plugged mine (dumb machine, not smart) in via an energy metering plug, and when energy use drops to less than 10W for more than 2 minutes, it’s done - very simple homeassistant automation. Convenient for me as the machine is 500m from the house.
bombcar
Now I want to know why your washing machine is half a kilometer from your house.
stephen_g
One reason I can think of - in some places where houses are small (like in cities the UK) you might not have a garage on your property and might rent one nearby (they are often in little rows, e.g. [1]). So they might have that kind of situation and have the washing machine there if it's a very small house?
1. https://www.alamy.com/stock-photo-row-of-private-car-garages...
grishka
Them living on a farm is the only explanation I can come up with.
snickerdoodle12
Seriously, me too. I also want to know how they transport the laundry to/from the machine. I'm hoping for a conveyor belt of sorts.
pastorhudson
The factory must grow!
JadedBlueEyes
Nex is a cybersecurity student in a house of similar people, they're gonna take every way :3
quote:
> The plan is, in future, since we can't hack something that doesn't have a brain, to instead attach a brain to it. The dishwasher is easy, we can just whack that on a smart plug and monitor when the power use surges and drops. The dryer is a bit more difficult, since they pull a LOT of power, and smart plugs typically either don't support that much power, or are incredibly expensive. So that's likely going to be some fancy vibration sensor-based thingy
drng
Vibration sensor is exactly what I did, for exactly that reason. Zigbee sensor + home assistant and a little bit of timer logic to manage the state
dmd
This is what I do - when the washer finishes, a light turns on in the kitchen letting us know. Then, when the dryer has drawn power for 10 seconds, the light turns back off, because that’s a good indication that someone dealt with the wet laundry. (Sometimes things get out of sync but not often!)
qwertox
I do the same,works great. I liked it so much that im doing the same with my microwave, after removing the annoying beeper it had. Now i get a decent single short beep and can monitor how often I've used it.
IncreasePosts
Couldn't you just set a timer for 45 minutes, or whatever? Is there that much variance in load times?
maxerickson
Eliminating any unneeded manual steps adds reliability. The load done thing goes off when the load is done, you don't forget to start it.
Smart plugs are cheap enough where it doesn't take a lot of convenience to justify it.
pfych
Some washing machines (mine at least) have some "smart" features that adjust the wash time depending on some factors. Nothing more annoying than coming to the laundry after my phone alarm goes off, and seeing the timer on my washing machine go UP(!!!) from 0:01 to 0:02 ...
XorNot
Yeah this is my approach too. Though I need to revisit the thresholding.
firesteelrain
Assuming the only reason this works is because the washing machine and app don’t use TLS 1.2 and instead some homegrown Caesar cipher?
Otherwise, you would need some MitM style attack?
timedout_uk
The washing machine doesn't use TLS at all and instead opts to just XOR data, explained later in the post.
firesteelrain
I understand. I was saying how this could have been avoided by the manufacturer
bblou
I'm surprised you let your washing machine into your network. I now get the appeal of just an alert the washing machine is done. But I could not for the life of me allow any of these kinds of devices onto my home network. Even in isolation...
timedout_uk
Hey, blog author here. It only had access to the internet for a brief second, and even then it was on an entirely separate network because of how I just set up my openwrt router as a client to the main network. Our guest network is completely isolated, an explicit firewall rule had to be added so that my script could communicate with the washer while it's on this network. It has no access to anything but itself, and occasionally hears the screams of my script demanding it serves up data.
It has access to nothing, only my script has access to it - I don't see a risk here. I still have the heebie jeebies knowing it's connected to anything at all, or even the fact that it can do that, but also spending a night hacking a washing machine was incredibly funny to me and totally worth it. Plus, got some useful notifications out of it.
EspadaV9
My dryer doesn't have a delay function accessable via the front panel, it's been "app gated", and the only way the app can talk to it is via WiFi, so if I ever need to set a delay, I have to use the app. All IoT devices are on their own VLAN though, and where possible firewalled off too. I can easily imagine more features being locked behind the app for future models.
sgarland
I have all IoT devices in a VLAN, with a traffic rule that they can’t respond to any external requests unless they initiated it.
Good enough for me, but everyone’s level of comfort is different.
stavros
Why wouldn't you allow it in isolation?
yjftsjthsd-h
How isolated are we talking? A device that only has access to the internet can still get botnetted and send malicious traffic from your IP. Or burn your data cap, or spy on you for the vendor.
stavros
But the comment said "I wouldn't allow it on my local network", not "I wouldn't allow it on the Internet".
wrboyce
For untrusted IoT devices I’ve found that sticking them on the IoT VLAN (so no device-to-device communication, and either no or extremely limited internet access; but I let my trusted clients punch through to IoT devices) has allowed me to retain all functionality whilst being confident they’re not up to anything I don’t want or expect.
doubleg72
It's fairly simple to keep these devices isolated and if you have a decent firewall, you shouldn't have much to worry about. Keeping them in a separate, internet-only VLAN with peer to peer isolation is typically the standard protocol. That said, in a lot of cases, even keeping the isolated doesn't resolve any privacy concerns. Also, with some devices, you have to open up mDNS.
j45
Creating an IoT wifi that is one way is reasonably possible.
Someone shared this pdf written by someone that had a nice overview that is transferable to any router.
neoden
Why?
carlhjerpe
Practical engineer in me screams: SIMPLIFY, SIMPLIFY, SIMPLIFY.
Just plug the washing machine into a smartplug and alert when power draw drops to idle for more than X minutes.
pavel_lishin
Our previous washing machine had a mechanical rotating switch, sort of like an egg timer, built into it. I seriously thought about just gluing a pair of metal bits onto it to make a physical connection when it was done, which would either do something clever like trigger a RasPi into sending me a text, or something stupid like physically triggering a doorbell chime.
russdill
Can confirm this is super easy. It has the additional advantage of monitoring power usage and it allows you to cut power if the leak sensor under it goes off
thehappypm
My washing machine also makes a stupid chime melody thing. A microphone that listens for it would also be a simple way to do it.
carlhjerpe
I would go for the "monitor a number" before "sound recognition", unless you're talking about just using an amplifier to bring the chime into the entire house.
thfuran
I'd dump cut the mic and wire it to some input before actually trying to check for the sound. But it's probably inconvenient to get to and monitoring overall power draw would be easy.
imglorp
Or a current sensing transformer around its power cord.
xyst
Not all washing machine appliances are same, unfortunately
timedout_uk
but where's the fun in that :P
m463
The fun is that you can reuse the setup for a japanese toilet, monitor energy use and use the data to play applause sounds in the bathroom after use.
carlhjerpe
True, we all find enjoyment in different things
GuB-42
If you like these kind of posts, maybe you should go to https://hackaday.com/ it is all articles like this every day, though usually more on the hardware side.
Here is one in the same vein: https://hackaday.com/2023/04/15/internet-of-washing-machines... => https://tratt.net/laurie/blog/2023/displaying_my_washing_mac...
xyst
I am contemplating hacking my washing machine "smart" module into its original silicon dust and replacing with a dumb interface.
Anybody interested in this write up? Might even include a "Office Space"-esque montage of the smart module destruction.
senectus1
that was a very easy to read article. I really enjoyed it and now want to start poking around my "smart" appliances.
Ecko123
[dead]
I did something with my Bosch washing machine (not like the OP). My washing machine is at the other end of the house from my home office. Sometimes I would put a load of washing on, and despite setting an alarm, might forget (perhaps I am in an important meeting etc).
So I decided to solve it.
Using the Bosch API - I can tell both when a cycle is complete, and if the door is open. Currently I use their default version, but there is a local hosted option I'll be switching too now the proof of concept works.
So using Home Assistant I have a simple script that detects when a washing machine cycle is complete AND the door has NOT been opened. This implies my washing machine has wet clothes still in it.
So Home Assistant will alert my phone (and my wife only if she is home based upon presence detection) once every 15mins that there are wet clothes waiting in the washing machine.
Very simple - works perfectly.