Back

Smart TV Apps Exploit Devices for AI Proxy Networks

Severity: Medium (Score: 55.5)

Sources: Cybersecuritynews, Gbhackers

Published: 2026-06-08 · Updated: 2026-06-08

Keywords: free, samsung, smart, apps, devices, proxy, into

Summary

Free applications on Samsung, LG, and Roku smart TVs are reportedly enrolling devices into a commercial residential proxy network operated by Bright Data. This exploitation occurs through a hidden SDK embedded in partner apps, which users unknowingly consent to via a buried dialog in TV remotes. The research from Include Security indicates that millions of devices are affected, raising significant privacy concerns. The proxy network is primarily used for web scraping to train AI models. The investigation was published on June 5, 2026, highlighting the scale and method of the exploitation. Users of these smart TVs may unknowingly contribute to this network without clear awareness of the implications. The situation is ongoing, with no immediate remediation steps disclosed. Key Points: • Free apps on smart TVs are secretly enrolling devices into a proxy network. • Millions of Samsung, LG, and Roku devices are affected by this exploitation. • The exploitation occurs through a hidden SDK and buried consent dialog.

Detailed Analysis

**Impact** Millions of smart TVs from Samsung, LG, Roku, and other major connected TV platforms are affected globally. Users of free apps on these devices are unknowingly enrolled in a commercial residential proxy network operated by Bright Data, enabling their devices to relay AI training data traffic. This unauthorized use may degrade device performance and increase network bandwidth consumption, impacting consumer privacy and potentially exposing residential networks to abuse. **Technical Details** The attack vector involves free smart TV apps embedding an SDK from Bright Data that enrolls devices into a proxy network. User consent is obtained through a concealed dialog accessed via the TV remote’s arrow key, indicating social engineering in the kill chain’s delivery and exploitation stages. No specific malware, CVEs, or IOCs were disclosed. The infrastructure leverages a commercial residential proxy network to route AI data scraping traffic through compromised smart TVs. **Recommended Response** Users should review and uninstall suspicious or unnecessary free apps on their smart TVs and scrutinize app permissions and consent dialogs carefully. Network defenders should monitor unusual outbound proxy traffic from smart TV IP addresses and consider network segmentation to isolate IoT/CTV devices. No patches or CVE mitigations are currently available; therefore, monitoring proxy-related traffic patterns and blocking known Bright Data proxy IP ranges where feasible is advised.

Source articles (2)

  • Free Apps on Samsung and LG Smart TVs Secretly Turning Your Devices Into AI Proxies — Cybersecuritynews · 2026-06-06
    Free apps available on Samsung, LG, Roku, and other major smart TV platforms have been quietly enrolling millions of living room devices into a commercial residential proxy network used to scrape web…
  • Free Samsung and LG Smart TV Apps Reportedly Exploit Devices for AI Proxy Traffic — Gbhackers · 2026-06-08
    Free apps available on Samsung, LG, Roku, and other connected TV (CTV) platforms are quietly enrolling users’ smart televisions into a commercial residential proxy network operated by Bright Data, acc…

Timeline

  • 2026-06-05 — Research published on smart TV app exploitation: Include Security published findings revealing that free apps are enrolling smart TVs into a proxy network.
  • 2026-06-06 — Media coverage of smart TV exploitation: Cybersecuritynews reported on the findings, emphasizing the scale and method of the exploitation affecting millions of devices.

Related entities

  • LG (Company)
  • Samsung (Company)
  • LG Smart TV (Platform)
  • Roku (Platform)
  • Samsung Smart TV (Platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed