Skip to content

Researcher Uncovers: Free Apps Misuse Smart-TVs as Unauthorized Web-Scraping Proxies

Bottom line: Bright Data embeds an SDK in free apps to exploit consumer devices as proxy nodes for web scraping without user consent.

A security researcher reverse-engineered the iOS SDK from Bright Data and demonstrated how it repurposes devices — including always-on Smart-TVs — as exit points for web-scraping traffic without user awareness or consent. The network is deliberately marketed to AI companies.

Bright Data, the successor organization to Luminati, operates what it claims is the world’s largest residential proxy network. The company distributes an iOS SDK embedded in free consumer apps that converts users’ devices into infrastructure for the proxy network — without those affected having knowledge or agreeing to it.

The devices function as exit nodes through which the company routes its web-scraping traffic. Particularly problematic is the use of Smart-TVs: these often run continuously, making them ideal conditions as persistent proxy nodes and evading regular oversight by household administrators. For users, the rerouting of their data traffic remains completely hidden.

Bright Data actively markets this service to the AI industry, as web scraping holds significant value for model training and data acquisition. This approach presents a substantial security and compliance challenge: companies can unwittingly become entangled in infrastructure whose activities compromise their own network policies and regulatory obligations.

For CISOs, this represents an additional perimeter-management risk — employee devices can not only harbor malware or espionage tools, but also actively contribute to circumventing security controls of other organizations, which poses potential liability and reputational risks.


Source: thehackernews.com · Published 6 June 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.6.5.

Share on: