Thousands of smart TV applications available on LG and Samsung platforms contain software that turns devices into residential proxy nodes.
Researchers at Spur Intelligence identified proxy SDKs in 2,058 of the 6,038 webOS and Tizen apps they analyzed.
Spur's Trevor Sutter downloaded and unpacked smart TV application packages instead of relying on store descriptions or developer disclosures, and analyzed them, looking for known proxy SDK components associated with Bright Data, Massive, and Honeygain/Oxylabs.
Residential proxy networks route internet traffic through real consumer IP addresses and are commonly used for web scraping, market research, and ad verification. However, they have also attracted scrutiny because they can be abused to conceal malicious activity or provide access to networks through consumer devices.
LG and Samsung smart TVs are attractive targets for this model because they often remain connected to the internet for years and receive little user attention. Unlike smartphones or PCs, TVs typically offer few signs that an application is performing background activity after it has been closed.
According to Spur, many apps obtain consent through a one-time prompt during setup and continue sharing network resources afterward. The report cites examples in which users are given a choice between viewing advertisements and allowing the app to monetize their internet connection via a proxy network.
Researchers found that Bright Data, Bright Data Ltd, and Bright SDK were associated with 367 proxy-enabled apps, while Honeygain UAB, an Oxylabs subsidiary, appeared as the publisher of 16 applications. Many of the identified apps were simple games, screensavers, clocks, and utility tools.
The report also highlights differences in platform policies. Amazon's developer rules prohibit apps that facilitate third-party proxy services, while Roku has reportedly blocked applications that use the Bright SDK and similar technologies. Spur found no equivalent public restrictions from LG or Samsung.
Beyond privacy concerns, the researchers warned that proxy-enabled TV apps could create security risks because they operate on the same local networks as routers, printers, cameras, NAS devices, and computers. If proxy providers' safeguards fail or are bypassed, attackers could potentially gain a foothold inside home networks.
Spur pointed to the Kimwolf botnet, which abused residential proxy networks to access devices located behind proxy endpoints. The researchers found that Bright Data's SDK included blocklists designed to prevent connections to private IP address ranges. However, similar blocklists in local samples of Massive and Honeygain/Oxylabs SDKs were not identified.
Before publication, Spur shared its findings with Bright Data, Massive, and Oxylabs. All three companies defended their practices, emphasizing user consent, customer vetting, abuse-prevention measures, and controls intended to block access to private networks.
Spur argues that the main issue is not residential proxy networks themselves but their deployment on devices that consumers generally do not view as internet infrastructure. The researchers recommend that TV platform operators adopt clearer policies for proxy SDKs, require more prominent disclosures, and provide users with greater visibility into how their network connections are being used. For consumers, reviewing installed smart TV applications, limiting downloads to trusted developers, and removing unnecessary apps can help reduce exposure.
Leave a Reply