I hacked my washing machine

Original Article ↗ Hacker News Discussion ↗

Network isolation & IoT risk

  • Several commenters are uneasy about letting a washing machine onto their home network at all, even “in isolation,” citing risks of botnet activity, data-cap abuse, and vendor spying.
  • Others argue isolation is practical: put untrusted devices on an IoT VLAN with no peer-to-peer access, strict firewall rules, and limited/one-way internet access; trusted clients can selectively reach them.
  • There’s debate over what “isolated” means: separate VLAN vs truly separate LAN vs unidirectional links. Some note that VLAN-based isolation still depends on correct configuration and non-compromised gear.
  • The author explains the washer was on an isolated guest network, with a specific firewall rule allowing only their script to talk to the washer, and minimal/brief internet exposure.

Alternative ways to “hack” a washer/dryer

  • Many describe simpler notification setups:
    • Smart plug with power monitoring: alert when power drops below a threshold for a set time.
    • Vibration sensors (often Zigbee/ESP32) on washer/dryer.
    • Door/reed sensors combined with API or power data to detect “wet clothes left in drum.”
    • LoRa link for machines in basements or far from the house.
  • Some use these techniques broadly for dishwashers, microwaves, countertop ovens, or 3D printers.
  • 240V dryers are harder because of limited smart-plug options; people discuss CT clamps, internal wiring, and safety concerns.

Smart vs dumb machines

  • A number of commenters prefer “dumb” 1990s-style washers with mechanical timers, predictable cycle lengths, and longevity, using simple phone timers instead of automation.
  • Others note new machines often gate features (like delay start) behind Wi-Fi apps, or have very long and variable “eco” cycles, especially in Europe and in combo washer–dryers or ventless dryers.
  • There’s debate about whether newer machines truly have shorter lifetimes versus more intense usage; some brands are cited as lasting decades, but this is contested.

Protocol reversing & tooling

  • Commenters discuss:
    • That the washer uses no TLS and weak XOR “encryption” (sometimes even sending plaintext/garbage).
    • Using apk-mitm, Jadx, and similar tools to bypass certificate pinning and extract keys from Android apps.
    • Preference for learning and tinkering versus just using the vendor’s app.

Meta: style of post

  • Multiple participants praise this as the kind of hands-on, exploratory hacking they want to see more of, contrasting it with LLM-heavy content and pointing to Hackaday for similar projects.