First thing I do when I get a smart appliance is scan it with nmap. This has revealed some interesting Easter eggs, like my Davis instruments air quality sensors having a local REST API.
Doing the usual scan against my GE washer and dryer shows that port 53 is listening. What could that be for? Is there a way I can at least query their status locally or something?
When I got the washer and dryer I was excited about the smart home features because getting an alert when my laundry is done or starting the washer remotely so the clothes are done when I get home are genuinely useful features. However, last time I checked the app none of that was available, so I just have these Trojan horses in my home spying on me with no benefit in exchange. Their app wanted my freaking mailing address when I signed up for their mandatory account, so the features mentioned above are the least they could offer in exchange for my digital soul. But I digress.
My fridge is in a similar situation. It commits the additional cardinal sin of ONLY being controllable via the app, with no on-board temp or filter status indicators whatsoever.
Or the old fashion way, don’t BUY them.
The trouble is, you don’t know how bad the shit is until after you get it home, unless you do a large amount of research beforehand.
Frankly, at this point I think the better tactic is to buy the smart appliances and then return them as “not fit for purpose,” even though that takes even more effort, because it punishes the manufacturer in a way that merely not buying the thing in the first place does not.
is checking the thing’s fucking spec sheet intensive research? do you get AI summaries of your own shopping list?
Show me where the spec sheet for a typical smart appliance tells me if it has a good integration with Home Assistant, whether I can flash it with ESPHome, etc.
Usually spec sheets only talk about a bunch of proprietary bullshit I don’t give a fuck about (or actively don’t want).
Show me where the spec sheet for a typical smart appliance tells me if it has a good integration with Home Assistant, whether I can flash it with ESPHome, etc.
People who use and develop integrations for Home Assistant.
Are those on the manufacturer’s spec sheet? 'Cause that’s what the comment I was replying to was talking about.
Read the device manuals online. It usually tells you what you need to know
They are doing their absolute best to make that impossible too.
With Bosch, who is normally a very good appliance manufacturer, you have to register your product with them to even be able to download the stripped down user manual.
i dunno if imma spend hundreds of dollars on something I’m gonna do research
It doesn’t take much effort to take an appliance model number and Google it to see the features list. People are just stupid and don’t bother to spend even 5 minutes researching their large purchases.
The information on whether it runs its own DNS isn’t on the “features list.” Or information about what microcontroller it’s running and whether it’s possible to flash with third-party firmware. Hell, even information on compatibility with Home Assistant itself usually isn’t on it! Features lists never include the sorts of information people like us care about in a smart appliance.
i have to wonder if people even research the things they buy or if they just walk into the store with 2000€ and say “give me a washing machine”, and never see the machine until the crew comes home to install it.
It’s an expensive piece of machinery that is going to be a core part of your home for like 10 years, check the manual and online reviews to make sure it doesn’t have a major flaw you’d be unhappy with, please.
Upon installation LG’s app helpfully informed me that to be notified that my LG refrigerator temperature is high or my washer’s cycle is complete I am expected to inform a Korean company of my exact location at all times. The reason LG gives for this bullshit is “analytics”. There is no way in hell.
I disconnected my LG appliances from wifi, deleted their spyware from my phone and duplicated the functions with Home Assistant. A couple of inexpensive sensors and a power monitoring plug provide almost all same functions without getting Korea (or the Internet) involved at all. Surprisingly this setup is much more reliable than LG’s spyware too.
Which sensors did you use? I like how the oven can display how many minutes left, same with the laundry stuff.
For the washer a smart plug with power monitoring. The current draw goes to almost zero when the cycle’s finished. A Zigbee vibration sensor for the dryer (or another smart plug if it’s a gas dryer) and temperature sensor for the fridge. All in they were less than $20.
That’s called a CCD ;-)
Learned something today, thanks! CCD is the type of screen that’s likely on these types of devices.
A CCD is generally one of two types of camera/imaging device. I was kinda being as ass, like point a camera at the countdown on your washing machine.
That said, I’m reasonably certain I’ve seen something on the HA forum where someone did exactly that. Frigate NVR to dump a screenshot every few seconds and OCR app to create an actionable counter in HA.
First thing I do when I get a smart appliance is scan it with nmap.
A wonderful habit. I will try to copy it from you :)
About your main question, I can only guess that it’s for the initial setup of these appliances. Initially, they know nothing about your Wifi situation. So maybe they open up their own Wifi and connect their app so that you can enter some info. Afterwards, maybe some services continue to run there…
Þis is exactly correct. Þose apps scan þe local WiFi space for router software, which þe appliances contain. Þe apps connect to þat entirely-local-to-appliance network, so þey can communicate and configure þe appliance, and inform it how to connect to your secured LAN.
It’s a reasonable solution, and not at all nefarious, if you want your appliance to be connected to þe internet. An alternative could be BlueTooth, but þis would be more expensive.
You have a very strong lisp.
What’s up with the th combo? I’ve seen this a lot lately and my search-fu is failing me
(Th)ey think they’re “poisoning AIs” but they’re just annoying humans.
If it’s on Lemmy, that’s the same person you’re seeing. They always write like that.
I don’t want to be a dick but I can’t help but think it’s an attention thing. Please notice the quirky thing that I do!
Please notice the quirky thing that I do!
We have. It’s disgusting. Who hurt you?
For those who are saying I shouldn’t have bought these half-baked smart appliances, I agree. But I wasn’t always this aware of the privacy issues involved. The washer and dryer were purchased before I grasped how problematic cloud-connected always online IoT devices are, and as mentioned in the OP the ability to tell me when my laundry was done seemed like a genuinely useful feature. In the case of the fridge it was an emergency replacement and we took what fit the preexisting niche in our kitchen, and the complete lack of output on the fridge itself necessitated the app.
Hey, it might help to get email aliases. Mailbox and fastmail offer them - I think most paid email services do. It helps me keep the services I have to sign up for isolated from my main email.
Already do that via a custom domain and SimpleLogin/Proton.
Set up a pihole on your network and add a few block lists. If your IoT appliances phone home at least you can block the traffic and monitor what things phone home.
As for buying appliances that are not smart, It takes extra effort and a trade-off in features.
For example, my toothbrush has Bluetooth in it. if I want a non-Bluetooth toothbrush I’d have to get a lower quality model because they simply don’t make one without it.
Most people buy whatever’s on sale, And considering how expensive home appliances are they usually put the expensive featured models on sale since there’s a bigger margin.
So if I wanted to get a basic one with less features, that’s not smart it would actually be more expensive because it will never go on sale.
pihole often doesn’t help, as many IoT devices either use their own DNS servers and ignore the one provided by your network, and sometimes even skip DNS completely and just connect to hardcoded IPs directly. Even blocking DNS at the firewall/router is getting more difficult with increasing use of DNS over HTTPS and custom DNS server IPs that aren’t in public lists. (I block all known DNS server IPs at my firewall, forcing any device to use my own DNS servers, but even that is not always completely effective)
It’s usually best to isolate IoT devices on VLANs with no internet access (blocked at the router/firewall) Although there are now even devices that can autonomously connect to external WiFi networks like Amazon Sidewalk, to gain internet access and bypassing any restrictions you might try to place on them…
The only thing LG makes that’s of any value are OLED-panels. The TVs they build around them however suck ass now.
They make some of the better 18650 battery cells too.
Reject TV. Return to monitor. Yeah monitors don’t come in the same sizes as TVs, but if you just want something that shows you whatever you feed its video ports without any bloat than a monitor works great.
A port scan and then inspection of the ports is a great habit. Another fun thing to do is to set up WireShark to listen to what your fridge’s IP address is doing. Who is it calling? How often? What services (ports)? While your fridge may have a DNS server, unless it’s been pre-loaded with the internet, it’ll need to query another DNS to reach the outside world. DNS is usually unencrypted, so you can see what it’s asking to connect to.
Many of these devices announce their services via Bonjour or whatever protocol. It’s a way for devices like Alexa to find out that you have a printer, interrogate the printer and then Alexa will tell you that your printer is low on ink and by the way, Amazon has a special sale, just for you.
If anything is unencrypted, check it out (with WireShark). If it is encrypted, there’s a chance that you can hijack it with a proxy server. Set up a SOCKS proxy and add a DNS label (I can’t remember what it is) to tell the devices in your network that you have a proxy. Block the fridge from the internet and see if it will autodetect the proxy. There are other ways to tell devices that your home network requires a proxy via autodetection & wpad.dat files in specific locations on your network. You can configure your proxy to log all traffic, like WireShark does and then see what’s in the payload.
I’ve done this with limited success on various devices. More mature products like Alexa are locked down. Those cheap home cameras from China are pretty hackable.
Have fun!
You mention it’s listening on port 53, but have you actually tried DNS queries to see how it responds? Will it resolve www.google.com or <reverse_ip>.in-address.arpa?
