How the Proxy Network Operates
A security researcher has reverse engineered the iOS software development kit (SDK) used by Bright Data, a company that operates a large residential proxy network. The SDK is embedded inside free consumer applications, including those installed on smart TVs. When a user opens such an app, the SDK connects to Bright Data’s servers and receives instructions to fetch web pages from other websites using the user’s home internet connection. This effectively turns the device into an exit node for Bright Data’s web scraping service, which the company markets heavily to the artificial intelligence industry.
The research, published by Include Security and independent researcher Buchodi, reveals that the peer channel carrying these scraping jobs lacks proper authentication. The researchers described this channel as weaker than the command and control channels used by typical malware. On iOS devices, the traffic bypasses any configured virtual private network, and much of the app’s activity is invisible to standard security monitoring tools. The device can continue relaying data in the background even while someone is watching the screen or on a call, as long as the battery lasts.
Impact and Scope
The immediate risk is not a hacked account or stolen data, but rather the unauthorized use of a home internet connection and its bandwidth as part of someone else’s scraping infrastructure. A connected smart TV is especially suitable for this purpose because it is usually plugged in, connected to a fast and unmetered network, and often left unwatched. Bright Data advertises its network as the largest residential proxy network globally, with over 400 million residential IPs. The SDK described in the research is part of a consent sourced pool of more than 150 million IPs.
While the deepest technical evidence comes from the iOS SDK, the smart TV angle is supported by Bright Data’s platform support documentation, its public partner list, and earlier reporting. The findings highlight a growing privacy concern as always on devices are repurposed without users’ full awareness, turning home networks into tools for data collection that powers AI development.
Source: The Hacker News
