Smart TV apps found routing third-party web traffic through home networks
A report by cybersecurity firm Include Security indicates that certain free applications on Samsung and LG Smart TVs are using a Bright Data SDK to route third-party internet traffic through users' home networks. These Smart TVs function as "residential proxies" for tasks like web data collection or AI system training, potentially raising security and bandwidth concerns. The study highlights the lack of clear user consent for such practices.
Key Takeaways
- Bright Data SDK converts connected TVs into intermediate traffic nodes for commercial data collection.
- The software targets Samsung's Tizen and LG's webOS platforms due to their persistent standby connections.
- Integrated apps can transmit device technical data, including CPU usage, memory status, and network activity.
- Experts recommend blocking domains such as proxyjs.brdtnet.com and clientsdk.bright-sdk.com at the router level.
Why It Matters
This discovery highlights a significant security vulnerability where consumer hardware is repurposed as enterprise infrastructure without transparent consent. For the streaming industry, this practice threatens to degrade device performance and network reliability, potentially increasing churn for ad-supported services if users blame platforms for lag. As AI developers look for residential IP addresses to bypass anti-bot defenses, the living room becomes a primary target for data harvesting. Watch for whether Samsung and LG follow Roku and Google in implementing platform-level restrictions on proxy-based monetization SDKs.
Additional Context
The Include Security findings follow a series of platform crackdowns on similar background proxy behaviors. Per Lowpass and The Verge in early 2026, Google, Amazon, and Roku restricted background SDKs that utilized consumer bandwidth, leading Bright Data to reportedly drop support for those specific ecosystems while maintaining its presence on Samsung’s Tizen and LG’s webOS. Technical teardowns by The Hacker News in June 2026 noted that such SDKs can allow up to 200 GB of proxy traffic per month, often bypassing local VPN configurations to relay data for AI scraping operations.
This infrastructure risk coincides with intensifying regulatory scrutiny over smart TV data practices. Per Captain Compliance and Cybernews in March and April 2026, several U.S. states have moved to regulate automated content recognition (ACR). In February 2026, Samsung reached a settlement with the Texas Attorney General, committing to explicit consent requirements for data collection. Furthermore, Kentucky Governor Andy Beshear signed H.B. 692 in April 2026, which classifies smart TV viewing data as sensitive information and mandates affirmative opt-in consent before collection. These legal shifts indicate a narrowing window for manufacturers and app developers to use hardware for secondary monetization without clear disclosure.
Read full article at escudodigital.com