Your TV Might Be Renting Out Your Internet Connection
Millions of cheap Android TV boxes have been quietly routing criminal traffic through home connections. But the bigger story is what's happening on perfectly normal brand-name TVs.
Would you let a stranger use your internet connection and IP address to “search” the web?
If you or someone in your family owns one of those cheap Android streaming boxes, there’s a decent chance it has been routing other people’s internet traffic through your home connection without your knowledge. These are the $25 or $30 devices on Amazon that promise free access to every sports league and every streaming platform for a one-time fee. But before you shrug this off because you don’t own one of these devices, mainstream TVs are at risk too, so be sure to read to the end.
Last week, Krebs on Security published an investigation tracing the problem to a company that trades on the NASDAQ, meaning this isn’t some shadowy criminal operation running out of a basement. It’s a publicly listed business with shareholders and quarterly earnings. Researchers linked millions of compromised TV boxes to the NASDAQ traded company’s proxy network. The company disputes the characterization. The researchers stand by their findings.
Note for readers less familiar with the term: A proxy network routes internet traffic through someone else's connection, making requests appear to originate from that device rather than the actual source. A residential proxy is simply someone’s home internet connection being used to route third-party traffic. Businesses use proxies legitimately for things like price monitoring and market research, but the same infrastructure also powers ad fraud, credential theft, and worse.
What this kind of operation does, in plain terms, is turn your home internet connection into a commercial product. Someone pays for access to a residential IP address in your city. Their traffic gets routed through your box. To whoever is on the receiving end, the request looks like it came from your house.
Requests via a residential proxy look like they’re coming from a real household, not a data center, which is what makes them valuable. The customers using these aren’t always doing benign things, and your address ends up in those logs. The FBI’s March advisory on residential proxy networks lists the known use cases:
Ad fraud
Account takeovers
Bypassing fraud detection systems
Accessing illicit marketplaces
This isn’t only pre-loaded on hardware. Researchers found the software embedded inside free streaming apps as a hidden add-on called an SDK running quietly in the background. Apps with names like CRICFy, DooFlix, RTS TV, and CyberFlix are the kind of thing someone installs on an Android box to watch rugby or a soccer match.
After you install the app, the SDK runs in the background. Once your box joins the network, the proxy keeps running after you close the app. And so long as the app is installed, the connection never ends.
What the Legal Risk Actually Looks Like
The FBI’s advisory states that once a device is compromised, your IP address:
“can be used by threat actors to mask their online illegal activity, making the consumer appear responsible.”
Does that mean you’re at risk of legal liability if your streaming box is used by a third party for illegal activity?
Federal criminal charges require proving intent, and courts have been skeptical of IP-address-only evidence for a long time. A 2012 ruling out of the Eastern District of New York held that an IP address is no more conclusive than a telephone number. It tells you where a connection came from, not who made it. Actual prosecution is therefore unlikely.
The realistic risk is more mundane, but still disruptive to you. Here’s a reasonably likely scenario:
Criminal activity traces back to your address. Law enforcement contacts your ISP. Your ISP flags or terminates your account. Investigators show up or issue a subpoena before they’ve established you were not the actual user. You spend time and energy demonstrating that someone else was using your connection. You’re right, and eventually that gets sorted out. Meanwhile the criminal moved on to someone else’s box weeks earlier.
Riley Kilmer, co-founder of Spur Intelligence (a company that tracks these proxy networks professionally) put it plainly: “If they use your network for illegal activity, there’s a chance that law enforcement could come knocking at your door.” The burden of proving you didn’t do it still lands on you, even when the law technically presumes otherwise.
What to Do If You Own One of These Boxes
Stop using it on your main network. Put it on a guest network at minimum, or unplug it. A factory reset often isn’t enough. If the SDK is in the firmware rather than installed through an app, resetting the device doesn’t touch it. Replace it with a Roku, Apple TV, or Fire TV from a verified retailer if you want a clean start.
And regardless of what’s plugged into your TV, this post walks through privacy settings on every major platform, including what to disable and where to find it:
The Bigger Problem To Worry About For Most
Spur Intelligence scanned 6,038 apps across LG and Samsung’s smart TV platforms and found 2,058 containing residential proxy SDKs. On LG’s webOS, 42.5% of apps carried the code. On Samsung’s Tizen, 26.9%. These aren’t sketchy off-brand devices. They’re the TVs sitting in most living rooms.
Amazon explicitly prohibits apps that facilitate proxy services for third parties in its Device and System Abuse Policy. Roku has reportedly drawn the same line, with affected apps disappearing from the Roku store after the company flagged them. LG and Samsung have done neither. The same business model that Amazon bans and Roku reportedly blocks is running on webOS and Tizen right now, and neither company has published a policy addressing it.
In many cases the proxy company isn’t just supplying the SDK to app developers, it’s publishing the apps itself, shipping dozens of throwaway games, screensavers, and clock apps specifically to have somewhere to put the software. The app is just the vehicle (or a Trojan Horse, if you prefer). Your internet connection is what they’re actually selling.
One Pac-Man game on Samsung TVs makes the arrangement explicit at install: watch ads, or let the app use your TV’s connection for “web indexing.” That’s industry language for routing other people’s internet traffic through your home connection. And that’s the consent model LG and Samsung are apparently comfortable with.
If you have an LG or Samsung TV, the most practical step right now is to audit what’s installed and remove anything you didn’t deliberately add. That includes screensavers, clock apps, casual games, and anything that promises to be ad-free.
The no-name Android box problem has a fix. The brand-name TV problem is still waiting for the platforms to take action and crack down on this type of hidden practice.
Looking for help with a privacy issue or privacy concern? Chances are we’ve covered it already or will soon. Follow us on X and LinkedIn for updates on this topic and other internet privacy related topics.
Disclaimer: None of the above is to be deemed legal advice of any kind. These are *opinions* written by a privacy and tech attorney with years of working for, with and against Big Tech and Big Data. And this post is for informational purposes only and is not intended for use in furtherance of any unlawful activity. This post may also contain affiliate links, which means that at no additional cost to you, we earn a commission if you click through and make a purchase.
Know your doxxing risk. DoxxScore gives you a personalized exposure assessment and action plan in under 5 minutes. Get Your Risk Score →
Check out our new, free username generator to help you create unique usernames for different accounts. Reusing usernames is convenient, but terrible for your privacy. This tool makes it easy to create unique usernames on the fly.


