How It Works
Free applications on major smart TV platforms, including Samsung, LG, and Roku, are covertly converting household devices into exit nodes for a commercial proxy network. Research from Include Security has identified an SDK developed by Bright Data, a Tel Aviv based data collection company, embedded within these apps. When installed, the SDK uses a user’s home internet connection to route web scraping traffic for paying customers, all triggered by a consent prompt cleverly hidden within the TV remote’s arrow key navigation.
The SDK targets connected televisions because they are always powered on, connected to Wi-Fi, and remain in standby mode constantly. They also face little to no corporate oversight or mobile device management. Configuration flags within the SDK, such as settings that ignore screen activity or active calls, show that a device is considered eligible to relay traffic even when a user is watching content or on a phone call. The default bandwidth cap for this Wi Fi relaying is set at 200 gigabytes per month per device.
Impact and Scope
An unauthenticated public configuration endpoint from Bright Data reveals a partner manifest that includes several major entities. PlayWorks Digital provides over 400 game titles across Samsung, LG, Comcast, Roku, and Sky, potentially reaching an estimated 250 million television households. Other partners include CloudTV, integrated across 125 plus TV brands, and Viber Media with hundreds of millions of monthly active users. The SDK establishes a persistent WebSocket connection to a Bright Data server, which resolves to AWS Global Accelerator infrastructure. Defenders can detect this activity by monitoring for traffic to legacy hostnames associated with Bright Data’s former corporate identity, Luminati Networks.
Source: Cyber Security News
