Free Apps on Samsung and LG Smart TVs Secretly Turning Your Devices Into AI Proxies
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
Free apps available on Samsung, LG, Roku, and other major smart TV platforms have been quietly enrolling millions of living room devices into a commercial residential proxy network used to scrape web data for AI training all through a consent dialog buried in a TV remote\u2019s arrow-key navigation, according to new research from Include Security.<\/p>\n
The culprit is an SDK developed by Bright Data, a Tel Aviv-based data-collection company that markets what it calls the world\u2019s largest residential proxy network, claiming 150M+ IP addresses sourced via embedded software in partner apps.<\/p>\n
When installed, the SDK silently transforms a user\u2019s connected TV (CTV) or mobile device into an exit node, routing paying customers\u2019 web-scraping traffic through the user\u2019s home internet connection.<\/p>\n
Researcher Buchodi, working alongside Include Security, explains why connected TVs are a prime target compared to smartphones: they are always plugged in, always on Wi-Fi, sit in standby 24\/7, face virtually zero corporate or MDM oversight, and are rarely attended by users.<\/p>\n
The SDK\u2019s configuration confirms this exploitation, with idle threshold flags set to The monthly bandwidth default for Wi-Fi relaying<\/a> is capped at 200 GB per device, according to config values retrieved from Bright Data\u2019s own unauthenticated public endpoint at The same unauthenticated config endpoint exposes a partner manifest, which researchers identified as including:<\/p>\n The SDK opens a persistent WebSocket to This legacy hostname serves as a direct detection pivot for defenders: any Critically, the SDK uses Apple\u2019s The control plane uses Buchodi recommends<\/a> blocking the following DNS hostnames at your router:<\/p>\n For TLS-based filtering, drop any handshake with SNI matching Include Security notified Bright Data on May 11, 2026, via Follow us on\u00a0Google News<\/a>,\u00a0LinkedIn<\/a>,\u00a0and\u00a0X<\/a>\u00a0to Get More Instant Updates.<\/strong><\/p>\n The post Free Apps on Samsung and LG Smart TVs Secretly Turning Your Devices Into AI Proxies<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nignore_screen_on: true<\/code> and ignore_on_call: true<\/code> meaning a device is considered eligible to relay third-party traffic even while a user is actively watching or on a call.<\/p>\nclientsdk.bright-sdk.com<\/code>.<\/p>\n\n
proxyjs.brdtnet.com:443<\/code>, resolving to AWS Global Accelerator IPs and presenting a TLS certificate for *.luminatinet.com<\/code> Bright Data\u2019s pre-2018 corporate name was Luminati Networks.<\/p>\nluminatinet.com<\/code> or brdtnet.com<\/code> traffic on a network is specifically the SDK\u2019s peer-tunnel plane, not legitimate Bright Data customer traffic.<\/p>\nNWParameters.requiredInterface<\/code> API to bind the data plane directly to the physical Wi-Fi or cellular interface, bypassing any user-configured VPN entirely.<\/p>\nCFHTTPMessage<\/code> primitives instead of URLSession<\/code>, defeating standard iOS instrumentation tools. The combination ensures the SDK\u2019s most sensitive channel remains invisible to typical security monitoring layers.<\/p>\n\n
proxyjs.brdtnet.com<\/code><\/li>\nproxyjs.luminatinet.com<\/code><\/li>\nclientsdk.bright-sdk.com<\/code><\/li>\n<\/ul>\n*.brdtnet.com<\/code>, *.luminatinet.com<\/code>, or *.luminati.io<\/code>. Enterprise MDM administrators should scan for Swift binary symbols BrdWebSocketFacade<\/code> and BrdNetwork.DNSResolver<\/code> to identify affected apps on managed devices.<\/p>\nprivacy@brightdata.com<\/code>. No response was received prior to publication.<\/p>\n