CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 07, 2026

Free Apps on Samsung and LG Smart TVs Secretly Turning Your Devices Into AI Proxies

Cybersecurity News Archived Jun 07, 2026 ✓ Full text saved

Free apps available on Samsung, LG, Roku, and other major smart TV platforms have been quietly enrolling millions of living room devices into a commercial residential proxy network used to scrape web data for AI training all through a consent dialog buried in a TV remote’s arrow-key navigation, according to new research from Include Security. […] The post Free Apps on Samsung and LG Smart TVs Secretly Turning Your Devices Into AI Proxies appeared first on Cyber Security News .

Full text archived locally
✦ AI Summary · Claude Sonnet


    HomeCyber Security Free Apps on Samsung and LG Smart TVs Secretly Turning Your Devices Into AI Proxies By Guru Baran June 6, 2026 Free apps available on Samsung, LG, Roku, and other major smart TV platforms have been quietly enrolling millions of living room devices into a commercial residential proxy network used to scrape web data for AI training all through a consent dialog buried in a TV remote’s arrow-key navigation, according to new research from Include Security. The culprit is an SDK developed by Bright Data, a Tel Aviv-based data-collection company that markets what it calls the world’s largest residential proxy network, claiming 150M+ IP addresses sourced via embedded software in partner apps. When installed, the SDK silently transforms a user’s connected TV (CTV) or mobile device into an exit node, routing paying customers’ web-scraping traffic through the user’s home internet connection. Researcher Buchodi, working alongside Include Security, explains why connected TVs are a prime target compared to smartphones: they are always plugged in, always on Wi-Fi, sit in standby 24/7, face virtually zero corporate or MDM oversight, and are rarely attended by users. Free Apps Turning Smart TVs into Proxies The SDK’s configuration confirms this exploitation, with idle threshold flags set to ignore_screen_on: true and ignore_on_call: true meaning a device is considered eligible to relay third-party traffic even while a user is actively watching or on a call. The monthly bandwidth default for Wi-Fi relaying is capped at 200 GB per device, according to config values retrieved from Bright Data’s own unauthenticated public endpoint at clientsdk.bright-sdk.com. The same unauthenticated config endpoint exposes a partner manifest, which researchers identified as including: PlayWorks Digital — 400+ CTV game titles distributed across Samsung, LG, Comcast, Roku, and Sky, reaching an estimated 250 million TV households CloudTV — integrated across 125+ TV brands and 15+ OEMs Viber Media (Rakuten) — 250M–820M monthly active users Moonfrog Labs — ~10M MAU on Teen Patti Gold alone Hola Networks — Bright Data’s lineage parent company The SDK opens a persistent WebSocket to proxyjs.brdtnet.com:443, resolving to AWS Global Accelerator IPs and presenting a TLS certificate for *.luminatinet.com Bright Data’s pre-2018 corporate name was Luminati Networks. This legacy hostname serves as a direct detection pivot for defenders: any luminatinet.com or brdtnet.com traffic on a network is specifically the SDK’s peer-tunnel plane, not legitimate Bright Data customer traffic. Critically, the SDK uses Apple’s NWParameters.requiredInterface API to bind the data plane directly to the physical Wi-Fi or cellular interface, bypassing any user-configured VPN entirely. The control plane uses CFHTTPMessage primitives instead of URLSession, defeating standard iOS instrumentation tools. The combination ensures the SDK’s most sensitive channel remains invisible to typical security monitoring layers. Buchodi recommends blocking the following DNS hostnames at your router: proxyjs.brdtnet.com proxyjs.luminatinet.com clientsdk.bright-sdk.com For TLS-based filtering, drop any handshake with SNI matching *.brdtnet.com, *.luminatinet.com, or *.luminati.io. Enterprise MDM administrators should scan for Swift binary symbols BrdWebSocketFacade and BrdNetwork.DNSResolver to identify affected apps on managed devices. Include Security notified Bright Data on May 11, 2026, via privacy@brightdata.com. No response was received prior to publication. Follow us on Google News, LinkedIn, and X to Get More Instant Updates. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Guru Baranhttps://cybersecuritynews.com Gurubaran KS is a cybersecurity analyst, and Journalist with a strong focus on emerging threats and digital defense strategies. He is the Co-Founder and Editor-in-Chief of Cyber Security News, where he leads editorial coverage on global cybersecurity developments. Trending News Hackers Use YouTube and SEO Poisoning to Spread WeedHack Minecraft Malware binding.gyp Supply Chain Attack Compromises Dozens of npm Packages Across Maintainer Accounts Dashlane Password Manager User Accounts Locked Following Brute-Force Attacks Windows Netlogon 0-Click RCE Vulnerability Now Actively Exploited In The Wild Threat Actor Uses Stolen Gemini API Keys to Automate Telegram Influence Campaign Latest News Cyber Security News Top 5 Best Tools for Simulated DDoS Attacks in 2026 Cyber Security News Critical Hugging Face Transformers Vulnerability Enables Remote Code Execution Attacks Cyber Security OWASP CVE Lite CLI – New Tool to Scan for Vulnerabilities in Your Projects Cyber Security News Anthropic’s Claude Services Down — claude.ai, Claude Code, and Cowork Affected [Updated] Cyber Security News Hackers Publish Malicious Python Package Mimicking Legitimate Parsimonious Parser
    💬 Team Notes
    Article Info
    Source
    Cybersecurity News
    Category
    ◇ Industry News & Leadership
    Published
    Jun 07, 2026
    Archived
    Jun 07, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗