Research reveals how free apps embed Bright Data's SDK in consumer devices, turning always-on smart TVs into web-scraping proxies for AI data harvesting, raising significant privacy and bandwidth concerns.

A recent security investigation has uncovered how free applications are embedding Bright Data's SDK in consumer devices, effectively transforming always-on smart TVs into web-scraping proxies for AI data harvesting. The research, conducted by Include Security and independent researcher Buchodi, reveals a concerning practice where consumer devices become unwitting participants in large-scale data collection operations.
The Bright Data Network Behind the Scenes
Bright Data, the successor to Luminati and formerly associated with Hola VPN, operates what it claims is the world's largest residential proxy network, advertising access to over 400 million residential IP addresses. A significant portion of this network comes from an SDK embedded in free consumer applications, which presents users with an opt-in screen before activating the device as a relay node.
"The consent screen doesn't match what the SDK actually allows," explains Buchodi, the researcher who reverse-engineered the iOS SDK. "In one Roku app called Petflix, users are told their device will be used 'occasionally,' yet the configuration allows up to 200 GB of traffic monthly. In some countries like Uzbekistan and Oman, the limits are even higher, essentially allowing the device to continue operating until the battery is depleted."
Technical Mechanics of the Proxy Network
The technical implementation raises several security concerns. When an application containing the Bright Data SDK opens, it contacts one of Bright Data's servers, which assigns scraping tasks without robust authentication. The device then uses the user's home internet connection to fetch web content on behalf of Bright Data's customers.
"The peer channel that carries these scraping jobs has minimal security controls," notes Buchodi. "It's actually weaker than the authentication mechanisms found in most malware. On iOS devices, this traffic bypasses configured VPNs, making it invisible to security tools that monitor network traffic."
Smart TVs represent particularly attractive targets for this operation. As Buchodi explains, "A connected TV is close to ideal for this purpose: it's usually always plugged in, connected to a fast home network, has effectively unmetered bandwidth, and often goes unwatched for hours at a time."
The AI Connection and Industry Context
This practice isn't entirely new in concept, but its scale and purpose have evolved with the AI industry. As anti-bot services like Cloudflare and DataDome increasingly block scrapers coming from datacenter IP addresses, AI companies have turned to residential proxies instead.
"We're seeing a perfect storm of factors," says Sarah Jenkins, a cybersecurity analyst who specializes in IoT vulnerabilities. "The demand for AI training data has exploded, legitimate scrapers are being blocked, and companies like Bright Data have built massive networks of consumer devices to fill that gap. The difference between this and outright botnet operations like Aisuru is primarily the consent screen, but whether that consent is truly informed is questionable."
Bright Data maintains that its network relies on user consent, contrasting it with criminal operations like the IPIDEA proxy network that Google dismantled in January 2026. However, the consent process has come under scrutiny for not adequately informing users about the extent of bandwidth usage and the nature of the traffic being relayed through their devices.
Affected Platforms and Manufacturer Responses
The research identified several smart TV manufacturers whose platforms support the Bright Data SDK, including Samsung's Tizen and LG's webOS. Following the publication of these findings, Google, Amazon, and Roku have moved to restrict background proxy SDKs on their platforms, prompting Bright Data to drop support for those ecosystems while maintaining its presence on other platforms.
Bright Data publishes a list of app partners on its official website, which includes companies like PlayWorks Digital, CloudTV, and Longvision that develop smart TV applications. However, the researcher notes that being on this list only indicates a past business relationship, not necessarily current implementation of the SDK.
Practical Mitigation Strategies
For concerned consumers and organizations, several approaches can help detect and prevent unwanted proxy activity:
Network-Level Blocking: Router-level tools like Pi-hole or NextDNS can block the specific domains the SDK uses to connect:
- proxyjs.brdtnet.com
- proxyjs.luminatinet.com
- proxyjs.bright-sdk.com
- clientsdk.bright-sdk.com
- clientsdk.brdtnet.com
Application Scanning: Companies managing employee devices can scan for applications containing the Bright Data SDK.
Network Monitoring: Look for unusual outbound traffic patterns, especially to unknown domains, which might indicate proxy activity.
"The traffic is relatively easy to spot and block," confirms Buchodi. "Importantly, blocking these domains only prevents the device from acting as a relay without affecting Bright Data's paid service, which operates on separate addresses."
Industry Implications and Future Outlook
This practice highlights the growing intersection of consumer devices, AI development, and privacy concerns. As the demand for AI training data continues to surge, we may see more such arrangements where consumer hardware is repurposed for data collection.
"The smart TV angle is particularly concerning because these devices are often overlooked in security considerations," adds Jenkins. "People secure their phones and computers but rarely think about their smart TV as a potential security risk. This research serves as an important reminder that any internet-connected device can be part of the security landscape."
For now, the cat-and-mouse game between proxy services and detection mechanisms continues. Because Bright Data may change how its SDK connects in the future, users and organizations will need to remain vigilant and update their blocking strategies accordingly.

The broader implications extend beyond individual privacy concerns. When smart TVs and other consumer devices are used as scraping proxies, they contribute to the degradation of website performance for legitimate users and may enable the unauthorized collection of content that websites intend to restrict.
"This is a classic example of how technology can be repurposed in ways that users never intended or consented to," concludes Buchodi. "As we become more dependent on connected devices in our homes, we need better transparency about how these devices are being used and stronger protections against unexpected repurposing of our hardware and bandwidth."
For those concerned about their devices potentially being used in this manner, the research provides a valuable starting point for investigation and mitigation. As the AI industry continues to evolve, so too will the methods used to gather training data, making ongoing vigilance essential for both consumers and organizations.
