Did you know that your smart washing machine could be hacked, leading to the theft of your data? It’s surprising, but this viral story on Twitter will make you rethink smart technology.
Smart washing machines are known to consume no more than 1 megabyte per day. But what if you discovered that your smart washer was consuming much more than that?
X (Twitter) user @johnie shared a post about this exact experience, including a chart revealing that his LG washing machine was sending over 150 megabytes of data every hour, 24/7, totaling more than 3 gigabytes per day!
You may be wondering why there is an increased usage of data lately. Is this due to electronic hacking or a new form of data theft? Could your smart washing machine be eavesdropping on you or potentially being used to mine Bitcoin? Johnie tried using some monitoring tools and software to detect the issue and noticed that the process responsible for the increased data transmission was using the same port (5223) used by iMessage. He also noticed that a large amount of data was being uploaded to the washing machine’s IP address.
Johnie then attempted to disconnect the washing machine from the Wi-Fi network and cut off its internet connection, but he failed to do so. The washer only allowed him to switch to another Wi-Fi network. This behavior raised a lot of suspicion among the audience about whether their devices were behaving properly or not, as it’s rare for anyone to monitor their home internet usage.
The explanation for what happened might be that smart home devices mine data from their owners for use in training artificial intelligence or targeted advertising. LG, for example, recently shared a statement about using data from millions of home appliances to make AI-driven software more beneficial.
Is It a Coincidence?
What happened could result from data leakage or external hacking, as all LG smart devices are connected to an application called SmartThinQ. In 2017, researchers discovered a vulnerability in this application that allowed attackers to remotely take control of accounts and smart devices, using them to launch Distributed Denial of Service (DDoS) attacks.
Certainly, there are other explanations that could interpret what happened from a different perspective. There might be a software glitch in the washing machine, or the machine could be generating erroneous logs, leading it to constantly check for updates and, as a result, consume such a large amount of data.
Tips to Protect Your IoT Devices
1. Ensuring Only Authorized Firmware Runs on Your Device
Secure boot means only authorized firmware can be installed on your machine. Whether a vendor, an IT team, or an automated process updates the firmware, malicious actors cannot inject unauthorized code or malware. If the firmware isn’t cryptographically signed and validated, it won’t run. This eliminates the risk of tampered software compromising your device’s integrity.
2. Moving Beyond Default Passwords
Many IoT devices ship with default passwords—or worse, no authentication at all. Passwords, especially for machines, are outdated. Certificate-based authentication is the gold standard. This method ensures that only trusted entities access the device, validated through cryptographic keys rather than vulnerable text-based credentials.
The consequences of weak authentication are stark. The Mirai DDoS attack caused many websites and online services to crash, including other social media platforms.
The malware looked for easy ways to use weak passwords on home routers and set-top boxes. like “admin/admin.” It was simple but worked well, compromising up to 380,000 devices.
3. Encrypting Data at Rest
While enterprises prioritize encrypting data in large-scale systems, embedded devices are frequently neglected. Many IoT devices use flash storage to hold sensitive data temporarily, such as configuration details or network credentials. If this storage isn’t encrypted, attackers extracting the physical chip can access unsecured information, exposing the entire system to risk. Encrypted storage on embedded devices ensures that even if the hardware is compromised, the data remains unintelligible without proper decryption keys.
Final Thoughts
As of early 2025, over 50% of IoT devices are reported to have critical vulnerabilities that hackers can exploit. Therefore, cybersecurity experts advise against using internet-connected smart home appliances if possible. If not, focus on secure boot, authentication, protected ports, and encrypted storage. It’s important to take these warnings into consideration and take the necessary steps to protect your privacy and digital security as an individual and as an organization.
Khaled is a cybersecurity engineer who secures businesses with his technical expertise. He also creates content for cybersecurity companies.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
