50% of LG and Samsung smart TV apps embed residential proxies
4 hours ago
- #smart-tv-security
- #privacy-concerns
- #residential-proxies
- Smart TVs from LG and Samsung contain thousands of apps that turn devices into residential proxy nodes without constant user awareness.
- Researchers found proxy SDKs in 2,058 out of 6,038 analyzed apps on webOS and Tizen platforms, linked to companies like Bright Data, Massive, and Honeygain/Oxylabs.
- Residential proxy networks route traffic through consumer IPs, used for web scraping and ad verification, but can also hide malicious activity or access home networks.
- Smart TVs are ideal targets due to their always-on connectivity and low user interaction, with apps often gaining one-time consent and running background activities.
- Many proxy-enabled apps are simple games, screensavers, or tools, with Bright Data associated with 367 apps and Honeygain/Oxylabs with 16.
- Platform policies vary: Amazon bans third-party proxy services, Roku blocks such apps, but LG and Samsung lack public restrictions.
- Proxy apps pose security risks by operating on home networks with routers, printers, and cameras, potentially allowing attackers access if safeguards fail.
- Researchers cited the Kimwolf botnet as an example of abuse via residential proxies, noting blocklists in some SDKs to prevent private IP access.
- Companies defended their practices, emphasizing consent and abuse prevention, but Spur urges clearer policies, disclosures, and user controls on TV platforms.
- Consumers can reduce risks by reviewing installed apps, sticking to trusted developers, and removing unnecessary apps.