SendTech Times
CybersecurityNews|June 8, 2026 at 07:28 AM
AI SHIFT:

Smart TV Proxy SDKs Turn Free Apps Into a Hidden AI Scraping Supply Chain

BySTechTimes Editor|Source: Thehackernews
Article summary

Bright Data's SDK has been reverse-engineered in research showing how free apps can turn consumer devices, including smart TVs, into residential proxy nodes for web-scraping traffic. The issue matters because AI data harvesting is increasing demand for residential IPs, while consent screens and background network behavior may not be clear to users or IT teams.

Smart TV Proxy SDKs Turn Free Apps Into a Hidden AI Scraping Supply Chain
Image source: The Hacker News

Free apps become residential proxy infrastructure

Bright Data's consumer-app SDK has been reverse-engineered in research showing how free apps can turn user devices, including always-on smart TVs, into exit nodes for web-scraping traffic.

The company, previously known as Luminati, advertises more than 400 million residential IPs and describes an SDK-sourced pool of more than 150 million IPs.

The practical exposure is that a household connection and bandwidth can be used as someone else's scraping infrastructure.

Smart TVs are sensitive in that model because they are usually plugged in, connected to fast networks and left running for long periods.

Consent screens face a technical gap

The researcher found that the channel carrying scraping jobs lacked normal authentication controls and, on iOS, could bypass a configured VPN.

The SDK could also continue relaying traffic in the background while a user watched the screen or took a call, unless the battery was low.

One Roku app, Petflix, presented an opt-in screen saying the device and connection would be used occasionally.

The SDK settings reviewed in the research allowed up to 200 GB of traffic a month, with far higher limits in a few countries, including Uzbekistan and Oman.

AI demand changes the economics

Demand for residential IP addresses is rising as AI data harvesting runs into anti-bot defenses.

Cloudflare and DataDome can block scrapers using datacenter IPs and push scraping traffic toward residential connections.

That does not make consent-based proxy networks the same as criminal botnets.

Bright Data says its exit nodes opt in through a consent screen, while botnets hijack devices.

The key question is whether that consent is specific and durable enough when the device may be a living-room TV.

What device owners and IT teams can watch

Bright Data's public partner list includes smart-TV app makers such as PlayWorks Digital, CloudTV and Longvision, although the list alone does not prove a current app still carries the SDK.

Google, Amazon and Roku have restricted background proxy SDKs, and Bright Data dropped those platforms while still listing Samsung's Tizen and LG's webOS.

For households, the actionable watchpoint is unusual background traffic from free apps to Bright Data SDK-related infrastructure.

Router-level tools such as Pi-hole or NextDNS can help reduce that exposure when the relevant domains are identified.

The practical test is whether app stores, device makers and network administrators can make background proxy use visible before residential bandwidth becomes a hidden AI supply chain.

Share this article
inXf

Related articles

More
Silent Ransom Group Uses Fake IT Support Calls to Pressure Law Firms
Cybersecurity

Silent Ransom Group Uses Fake IT Support Calls to Pressure Law Firms

Silent Ransom Group is targeting U.S. law firms and professional services organizations with fake IT support calls, remote access tools and rapid data-theft extortion. Mandiant links the activity to UNC3753, Luna Moth and Chatty Spider, while the FBI has warned of related social engineering and in-person theft attempts.

ChatGPT Lockdown Mode Narrows AI Data Exfiltration Paths
Cybersecurity

ChatGPT Lockdown Mode Narrows AI Data Exfiltration Paths

OpenAI is rolling out Lockdown Mode for eligible ChatGPT users to reduce data exfiltration risk from prompt injection. The optional setting limits outbound web and tool capabilities, trading some product flexibility for stronger containment around sensitive workflows.

CISA Android and Linux Warnings Put Patch Timing Back on the Security Agenda
Cybersecurity

CISA Android and Linux Warnings Put Patch Timing Back on the Security Agenda

CISA added exploited Android and Linux vulnerabilities to its Known Exploited Vulnerabilities catalog. The Android flaw affects Android 14 through 16, while the Linux issue centers on older kernel branches and cgroups v1 container environments. The immediate test is whether agencies and infrastructure operators apply vendor updates or mitigations by CISA's June 5 deadline.

Palo Alto Sell-Off Shows AI Cybersecurity Demand Still Has a Timing Problem
Cybersecurity

Palo Alto Sell-Off Shows AI Cybersecurity Demand Still Has a Timing Problem

Palo Alto Networks shares fell more than 4% after stronger quarterly results and current-quarter guidance failed to satisfy investors looking for faster AI-linked earnings upside. CEO Nikesh Arora reiterated a fiscal 2030 target of more than 4,000 platformizations and a USD 20 billion NGS ARR goal. The practical test is whether AI-related security demand turns into NGS ARR progress as data center infrastructure is ordered, installed and brought online.

Keep Reading

More Stories

Latest
Gulf Hiring Freezes Put AI And Digital Transformation Skills At RiskEconomyJun 10, 2026Gulf Hiring Freezes Put AI And Digital Transformation Skills At RiskGulf companies are using hiring freezes to protect costs, but source-backed labour data shows continued shortages in AI, technology, fintech, compliance and digital transformation roles. The risk is that broad freezes can weaken delivery and retention just as skilled workers in the UAE and Saudi Arabia see strong job-market alternatives.Blue Owl ADGM Office Turns Abu Dhabi Finance Growth Into A Private-Credit SignalEconomyJun 10, 2026Blue Owl ADGM Office Turns Abu Dhabi Finance Growth Into A Private-Credit SignalBlue Owl Capital is opening a regional headquarters in ADGM, adding a $315 billion asset manager to Abu Dhabi financial hub as the centre reports 57% first-quarter growth in assets under management.Belfast Knife Attack Turns Into Public-Order And Migration Test For UK AuthoritiesPoliticsJun 10, 2026Belfast Knife Attack Turns Into Public-Order And Migration Test For UK AuthoritiesPolice in Northern Ireland are investigating a serious Belfast knife attack as attempted murder while urging calm after residents intervened and online footage triggered public-order concerns.Sandstone Raises $30M For AI Workflow Tools In Company Legal TeamsScience & TechJun 10, 2026Sandstone Raises $30M For AI Workflow Tools In Company Legal TeamsSandstone raised $30 million in Series A funding led by Lightspeed Venture Partners to build AI workflow tools for in-house legal teams at small and mid-sized businesses.SpaceX Fixed-Price IPO Turns Retail Allocation Into The Main Market TestScience & TechJun 10, 2026SpaceX Fixed-Price IPO Turns Retail Allocation Into The Main Market TestSpaceX is offering IPO shares at a fixed $135 price, leaving allocation of roughly $75 billion in shares, especially retail access, as the main test before Thursday offering and Friday trading.UAE Salary Deadline Turns WPS Payroll Into A First-Of-Month Payments TestFintech & Digital PaymentsJun 10, 2026UAE Salary Deadline Turns WPS Payroll Into A First-Of-Month Payments TestUAE private-sector salary rules triggered a sharp WPS payroll surge on June 1, with Al Ansari Exchange up more than 151 per cent and Al Fardan Exchange up 136 per cent, turning wage compliance into a first-of-month payments and cash-flow test.Sabertooth's $500 Million SPV Push Turns AI Startup Access Into A ProductAIJun 10, 2026Sabertooth's $500 Million SPV Push Turns AI Startup Access Into A ProductSabertooth Capital has invested nearly $500 million into 10 late-stage AI and deep-tech companies through single-deal SPVs, showing how access to scarce private technology rounds is becoming a product of its own.Google's $4.99 AI Plus Cut Turns Consumer AI Into A Bundle FightAIJun 10, 2026Google's $4.99 AI Plus Cut Turns Consumer AI Into A Bundle FightGoogle cut AI Plus from $7.99 to $4.99 per month and doubled included storage to 400 gigabytes, pushing U.S. consumer AI subscriptions toward lower-priced platform bundles.GM Sodium-Ion Storage Push Turns AI Data Center Power Into A Battery Market TestCloud & Data CentersJun 10, 2026GM Sodium-Ion Storage Push Turns AI Data Center Power Into A Battery Market TestGeneral Motors is expanding into grid-scale energy storage through Peak Energy, LG Energy Solution and Redwood Materials, making AI data center demand a battery commercialization test.NAVER’s 55-Megawatt NVIDIA Buildout Tests Sovereign AI Cloud DemandCloud & Data CentersJun 9, 2026NAVER’s 55-Megawatt NVIDIA Buildout Tests Sovereign AI Cloud DemandNAVER and NVIDIA are expanding sovereign AI infrastructure from a 55-megawatt starting point toward gigawatt scale, tying Korea’s AI factory ambitions to DSX software, GAK Sejong capacity and localized model services.UAE Retail Forecast Turns AI And Luxury Spending Into A $227 Billion Market TestEconomyJun 9, 2026UAE Retail Forecast Turns AI And Luxury Spending Into A $227 Billion Market TestThe UAE retail sector is forecast to reach $227.1 billion by 2033, while smart retail is projected to grow more than twelvefold as luxury demand, tourism, grocery growth and AI-enabled retail systems reshape the market.Perplexity’s 2028 IPO Plan Puts AI Search On The Mega-Listing WatchlistAIJun 9, 2026Perplexity’s 2028 IPO Plan Puts AI Search On The Mega-Listing WatchlistPerplexity CEO Aravind Srinivas said the AI search company is still planning a 2028 IPO as Anthropic, OpenAI and SpaceX prepare large listings that could reset AI valuation expectations.