Free Apps Can Turn Your TV Into a Web Scraper
TL;DR: A software kit used in many free apps is secretly turning devices like smart TVs into web-scraping tools. This allows a data company to use your internet connection to gather data for the AI industry.
Key facts
- Category
- Cybersecurity
- Impact
- Critical
- Published
- Source
- The Hacker News
Full summary
A software kit in free apps is quietly turning devices like smart TVs into web-scraping proxies for AI data companies.
A security researcher has discovered that a software development kit (SDK) from a company called Bright Data is turning consumer devices into web-scraping proxies. This SDK is embedded in various free applications, including those for iOS and smart TVs. Once an app containing the SDK is installed, it can quietly use the device's internet connection to relay web traffic for Bright Data's clients. This effectively makes the device an “exit node” in what the company calls the world's largest residential proxy network. This allows customers, including those in the AI industry, to scrape websites using real residential IP addresses, bypassing security measures that typically block data centers. Users are often unaware their devices and bandwidth are being used for this purpose.
This practice creates a significant software supply chain risk for developers and a privacy issue for consumers. By integrating this third-party SDK, app developers may unknowingly expose their users to security risks and reputational damage. A user's IP address could be associated with web-scraping activities they did not authorize, potentially leading to their IP being blocked by websites or flagged for suspicious behavior. For businesses, this highlights the critical need to vet all third-party code. An unaudited SDK can introduce hidden functionalities that compromise user trust and create legal liabilities, especially as the data gathered is often sold to feed the growing AI industry's demand for training data.
This situation underscores a broader trend where the monetization of “free” services can be opaque and invasive. The demand for vast amounts of web data to train AI models is creating a lucrative market for residential proxy networks. Developers and security teams must therefore be vigilant, scrutinizing the behavior and network traffic of all external libraries they incorporate into their products. Without proper due diligence, companies risk making their products—and their users—an unwitting part of a massive, hidden data-gathering infrastructure.
Related on Notifire
Related stories
Primary source: The Hacker News