I'd pcap a bunch of the traffic -- in particular the DNS requests -- that will tell you where it is connecting. Hopefully it is using TLS, and then the SNI headers can give you more information.
I run a local DNS resolver and so I capture all the lookup responses so that I can turn IP addresses back into names. Depending on what firewall/router you have, you may be able to log connections. I use a locally hosted free Gravwell process to grab these logs and correlate with the DNS queries to find which systems are talking to where. If your home network is like mine, then there are probably a bunch of systems that you want to block from talking outside.
For those interested, you can setup tcpdump on Asus router pretty easily to monitor traffic going through the router. You don't even need to mess with the firmware on the router.
Might be legit, LG ThinQ is their smart appliance page. And aic-common.lgthinq.com is registered to LG.
Genuinely unsure what would be taking that much data though but honestly my first guess is a bug of some kind. Kind of wondering if the App has some sort of issue reporting page on it, might be worth sending in something about it. Might not get a response, it but could get some gears turning on their end behind the scenes.
It may be worth sandboxing it into a dedicated network then analyze the traffic and see what it does in detail, for example if it accesses the local network then relays something outside, or if it opens ports waiting for connections, etc.
I wonder if merely downloading so much data and storing it into its internal flash could wear it in a short time forcing the user to call for repair.
Does it stop functioning intermittently? I've seen cases of devices in the middle of a failed OTA, and the device keeps requesting the OTA again. If it's going on and offline often, this might the case.
Have you tried tcpdump’ing its payload on your router? If it’s plain text it should be obvious what it’s doing. If it isn’t you can still sniff which domains it’s connecting to from SNI ClietnHello message but payload will be encrypted. You can still get to it but that would require some decent soldering and hw debugging skills…
If you have a openwrt router than it should be quite simple. Redirect the traffic from the ip of the washing machine to a machine that has mitmproxy installed (using iptables). Hopefully the protocol is https and it doesn't have some form of certificate pinning. That should get you the raw requests/responses.
I run a local DNS resolver and so I capture all the lookup responses so that I can turn IP addresses back into names. Depending on what firewall/router you have, you may be able to log connections. I use a locally hosted free Gravwell process to grab these logs and correlate with the DNS queries to find which systems are talking to where. If your home network is like mine, then there are probably a bunch of systems that you want to block from talking outside.