Smart TV Proxy Backdoor for AI Scraping
Why It Matters
This exposure highlights how consumers' home hardware and bandwidth are being covertly harvested to fuel the massive data demands of the AI industry. It raises critical concerns regarding cybersecurity vulnerabilities, user consent, and the erosion of digital privacy through hidden SDKs.
Key Points
- Bright Data's SDK turns consumer devices into exit nodes to facilitate AI web-scraping and bypass datacenter IP blocks.
- Include Security found the SDK lacks authentication and message signing, creating significant home network vulnerabilities.
- The software can bypass VPNs on iOS and features aggressive data harvesting policies in specific international regions.
- Samsung and LG continue to host over 200 apps with this SDK despite bans by Roku and Google TV.
Include Security has revealed that an SDK developed by Israeli firm Bright Data is turning millions of Smart TVs into exit nodes for a global proxy network used primarily for AI web-scraping. While platforms like Roku, Fire TV, and Google TV have banned the practice, Samsung and LG continue to allow apps containing the code on their Tizen and webOS platforms. Researchers discovered that the SDK lacks basic security protocols, including message signing and device attestation, making it less secure than common malware. Furthermore, on mobile devices, the SDK reportedly bypasses VPNs by binding directly to physical network interfaces. Bright Data’s configuration includes aggressive harvesting tiers for specific regions like Uzbekistan and Oman, where devices are permitted to relay traffic until they reach 1% battery life. Users are technically enrolled through complex terms of service, often without meaningful informed consent.
Imagine your Smart TV is working a secret night job as a traffic hub for strangers, and it’s using your electricity and internet bill to do it. A company called Bright Data has hidden code inside hundreds of apps on Samsung and LG TVs that turns your home into a 'proxy node.' This allows AI companies to scrape the web using your home's reputation so they don't get blocked. The worst part is that the security is so bad it's actually less safe than most computer viruses, potentially leaving your home network open to hackers while your VPN is completely ignored.
Sides
Critics
Security researchers who reverse-engineered the SDK and flagged it as a major security risk with poor encryption and authentication.
Defenders
Operates a global proxy network by embedding SDKs in third-party applications, arguing users technically agree via TOS.
Neutral
TV manufacturers whose app ecosystems currently permit the integration of Bright Data's proxy SDK.
Forecast
Regulatory bodies in the EU and US are likely to launch inquiries into 'shadow' proxy networks and deceptive consent practices in IoT devices. Expect Samsung and LG to face significant pressure to update their App Store policies to match the stricter standards set by Roku and Google.
Based on current signals. Events may develop differently.
Timeline
Cybersecurity Report Published
Include Security releases findings on Bright Data's SDK vulnerabilities and its prevalence in Smart TV apps.