RC RANDOM CHAOS

The device is the inventory

Smart TV apps embed residential proxy SDKs that turn devices into exit nodes. The trust failure lives in the build pipeline, not the hardware.


Spur published an analysis of smart TV apps shipping embedded residential proxy SDKs. The finding is not a memory corruption bug. There is no CVE, no CVSS vector, no patch boundary. The mechanism is a monetization SDK that converts the device into a third-party network exit node, and the trust violation lives in the developer’s build pipeline, not the silicon. Credit to dne for surfacing the writeup.

Start with what a residential proxy network sells. Access to IP addresses inside real consumer ISP allocations - Telstra, Comcast, Deutsche Telekom - instead of datacenter ranges that anti-fraud systems block on sight. Bright Data, formerly Luminati. IPRoyal Pawns. Honeygain. PacketStream. Infatica. The demand side is legitimate on paper: ad verification, price scraping, geo-testing. The supply side is the problem. To hold tens of millions of residential IPs, the network needs tens of millions of consenting - or unwitting - devices acting as exit relays. The device is the inventory.

Proxyware is its own bug class. It is not a defect in the device. It is functionality executing exactly as written, on behalf of a party the device owner never identified. CWE-829, inclusion of functionality from an untrusted control sphere. In the worst case it crosses into CWE-506, embedded malicious code. The boundary that breaks is the one between the app’s stated function - streaming, casual games, a remote-control utility - and the code the app actually runs on the local network. Nothing in the binary is malformed. The malice is in the trust delegation.

The SDK is the recruitment layer. A developer building a free smart TV app integrates a monetization SDK because the vendor pays per enrolled device and per gigabyte of relayed traffic. The developer’s mental model is an ad network. The runtime reality is a proxy node. The SDK opens a persistent outbound control channel, registers the device into the operator’s pool, holds the session through carrier-grade NAT with keepalives, and relays arbitrary third-party sessions originated by paying proxy customers. The developer audited the SDK’s documented behaviour. The documented behaviour and the executed behaviour are not the same surface, and the gap is the operator’s to define at runtime.

The proxy operator controls the destination, the protocol, and the payload of every relayed session. The device controls one thing: the source IP the packets leave from. From the target server’s perspective the connection originates from a residential cable subscriber in the correct city, with a clean reputation score, behind a consumer ISP. That is the entire product. The exit node launders attribution. Credential stuffing against Okta tenants, account takeover against retail logins, sneaker and ticket inventory bots, scraping that violates rate limits - all of it inherits the residential device’s trust rating. The TV’s owner absorbs the abuse reports, the IP blocklisting, and in some jurisdictions the downstream legal exposure for traffic they never generated.

The target side sees clean residential traffic. That is the point of the network and the reason datacenter-IP blocking does not stop it. A login wall that rejects most datacenter ASNs passes the same automation when it arrives over a residential exit. The proxy customer rotates through a fresh consumer IP per request. Detection on the target collapses to behavioural signals - request velocity, device fingerprint reuse across unrelated IPs, impossible travel between one account's successive session locations - because the network-layer reputation signal has been neutralised by the relay.

None of this is theoretical. 911 S5 - DOJ takedown, May 2024. The operator, YunHe Wang, assembled more than 19 million unique residential IPs by bundling proxy code into free VPN apps: MaskVPN, DewVPN, ProxyGate. The indictment tied the network to billions in fraudulent pandemic-relief claims and put roughly 99 million dollars in revenue on the operator’s side. The recruitment pattern was identical to the SDK case: a free app, a buried consent string, a device silently enrolled as an exit relay. The user installed a product. The product installed the user into a botnet.

BADBOX is the IoT-native form. FBI public advisory, June 2025. Uncertified Android Open Source Project devices - off-brand TV boxes, projectors, tablets - shipped with a backdoor in the Triada lineage, present before the box reached the buyer. BADBOX 2.0 enrolled over a million devices into a combined residential-proxy and ad-fraud network. PEACHPIT was the ad-fraud module riding the same control plane. HUMAN Security and partners sinkholed portions of it. In some cases the compromise was at manufacture, in others through malicious app updates post-sale. The delivery vector varied. The terminal state did not: the device became residential infrastructure for rent.

The behaviour maps cleanly to ATT&CK. T1496.002, Bandwidth Hijacking - the resource-hijacking sub-technique covering the sale of a victim’s network connection through proxyware. T1090, Proxy, and T1090.003, Multi-hop Proxy, for the relay function itself. T1608, Stage Capabilities, for the operator standing up and seeding the exit pool. There is no initial-access exploit in the classical sense. Initial access is the install, and the install is consensual on paper. That property is what makes the technique durable against signature-based controls. There is no malicious sample to flag when the sample is a store-signed app.

Telemetry is where this turns hostile for defenders. A smart TV runs no EDR agent. No Sysmon, no Event ID 3 for network connection, no module-load record, no process-creation event. No Windows Security log because there is no Windows. The endpoint is a sealed vendor Android fork the network owner cannot instrument. Every host-based detection assumption fails at the device boundary. The host is the blind spot by construction, and the operator selected IoT precisely because the host cannot testify against it.

Detection moves entirely to the network, and the usable signal is behavioural. A streaming device has a narrow, predictable egress profile: a CDN, a DRM license server, a telemetry endpoint, a DNS resolver. A device acting as an exit node breaks that profile. NetFlow records fan-out, with connections to thousands of unrelated destinations across unrelated ASNs and no relationship to any media service. Underneath sits a long-lived outbound tunnel to the SDK control plane, usually TLS on 443 to blend with normal egress, sometimes WebSocket-framed. JA3 and JA4 client fingerprints from the proxy SDK diverge from the fingerprints the TV’s own streaming apps produce against the same port. DNS shifts from a handful of stable media domains to high-cardinality, short-lived lookups driven by whatever the paying proxy customer is targeting that hour.
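The egress-profile check described above, as an added example that is not part of Spur's analysis or this site's own tooling. It runs over constructed NetFlow-style records for two hypothetical TVs on a documentation range: one with the narrow CDN/DRM/telemetry profile, one enrolled as an exit relay. The expected ASN set, thresholds and addresses are assumptions for the example; in practice the profile comes from a baseline of the device's own normal week, and the same structure serves as the allow-list the device is held to at the egress point.

```python
from collections import Counter
from dataclasses import dataclass

# Destination ASNs a streaming device is expected to reach (assumed profile:
# CDN, DRM licence server, vendor telemetry, the local resolver). The ASNs are
# from the documentation range and are hypothetical.
EXPECTED_DST_ASNS = frozenset({"AS64496", "AS64497", "AS64498", "internal"})

# Thresholds are assumptions for the example; derive real ones from a baseline.
MAX_DISTINCT_DST_ASNS = 8      # a TV should not fan out across more ASNs
MAX_OFF_PROFILE_RATIO = 0.25   # share of flows outside the expected profile


@dataclass(frozen=True)
class Flow:
    """One NetFlow/IPFIX-style record, reduced to the fields the check needs."""
    src: str
    dst: str
    dst_asn: str
    dport: int
    bytes_out: int


def egress_profile(flows, src_ip):
    """Summarise the outbound behaviour of one internal source IP, or None."""
    mine = [f for f in flows if f.src == src_ip]
    if not mine:
        return None
    asn_counts = Counter(f.dst_asn for f in mine)
    off_profile = sum(1 for f in mine if f.dst_asn not in EXPECTED_DST_ASNS)
    return {
        "src": src_ip,
        "flows": len(mine),
        "distinct_dsts": len({f.dst for f in mine}),
        "distinct_asns": len(asn_counts),
        "off_profile_ratio": off_profile / len(mine),
        "top_asn": asn_counts.most_common(1)[0][0],
    }


def is_exit_node_candidate(profile):
    """Flag when ASN fan-out or the off-profile share exceeds the baseline."""
    if profile is None:
        return False
    return (profile["distinct_asns"] > MAX_DISTINCT_DST_ASNS
            or profile["off_profile_ratio"] > MAX_OFF_PROFILE_RATIO)


def flag_exit_nodes(flows):
    """Return the sorted list of source IPs whose egress looks like relaying."""
    return sorted(src for src in {f.src for f in flows}
                  if is_exit_node_candidate(egress_profile(flows, src)))


# Constructed sample flows (10.20.0.0/16 internal, 198.51.100.0/24 and
# 203.0.113.0/24 external documentation ranges). Not captured traffic.
CLEAN_TV = "10.20.0.5"
ENROLLED_TV = "10.20.0.7"

SAMPLE_FLOWS = [
    # Clean TV: CDN, DRM, telemetry, resolver. Narrow and repetitive.
    Flow(CLEAN_TV, "203.0.113.10", "AS64496", 443, 900_000),
    Flow(CLEAN_TV, "203.0.113.11", "AS64496", 443, 850_000),
    Flow(CLEAN_TV, "203.0.113.20", "AS64497", 443, 2_000),
    Flow(CLEAN_TV, "203.0.113.30", "AS64498", 443, 4_000),
    Flow(CLEAN_TV, "10.20.0.1", "internal", 53, 300),
    # Enrolled TV: the same CDN traffic, plus a long-lived control channel
    # on 443 and relayed sessions to whatever the proxy customer targets.
    Flow(ENROLLED_TV, "203.0.113.10", "AS64496", 443, 700_000),
    Flow(ENROLLED_TV, "203.0.113.11", "AS64496", 443, 650_000),
    Flow(ENROLLED_TV, "198.51.100.250", "AS64511", 443, 120_000),  # SDK control plane
] + [
    Flow(ENROLLED_TV, f"198.51.100.{i}", f"AS{64500 + i % 10}", 443, 3_000)
    for i in range(40)   # 40 relayed sessions across 10 unrelated ASNs
]

if __name__ == "__main__":
    for ip in (CLEAN_TV, ENROLLED_TV):
        print(egress_profile(SAMPLE_FLOWS, ip))
    print("exit-node candidates:", flag_exit_nodes(SAMPLE_FLOWS))
```

The two signals are deliberately independent: a relay that happens to stay inside a few large ASNs still trips the off-profile ratio, and one whose targets overlap the CDN's ASN still trips the fan-out count. Either alone is a weaker detector than the pair.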

Reverse classification closes the gap when internal telemetry runs out. Spur and Censys both maintain datasets flagging IP addresses observed operating as residential proxy exit nodes. An egress IP belonging to a corporate or operational-technology subnet appearing in those feeds is a direct indicator that a device on that subnet is enrolled. The practical SIEM correlation is the contradiction: a single internal IP that is simultaneously a known smart TV by asset inventory and, per external telemetry, a live commercial proxy endpoint. One identity cannot honestly be both. The overlap is the alert.
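The contradiction join described above, written out as an added example that is not Spur's, Censys's or this site's code. It assumes a feed record shape (public IP, classification string, last-seen timestamp) and a NAT map from public egress address to internal address; both are constructed for the example and do not reproduce any vendor's schema. Stale feed observations are dropped, because a residential IP seen relaying weeks ago may since have been reassigned, and a hit with no inventory match is surfaced separately rather than silently discarded.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed feed vocabulary and asset classes; real feeds use their own labels.
PROXY_CLASSES = frozenset({"residential_proxy", "proxy_exit"})
UNMANAGED_IOT = frozenset({"smart_tv", "tv_box", "projector", "printer"})


@dataclass(frozen=True)
class Asset:
    ip: str          # internal address from the asset inventory
    kind: str        # e.g. "smart_tv", "workstation", "server"
    managed: bool    # runs an agent that can be queried for process detail


@dataclass(frozen=True)
class FeedHit:
    ip: str              # public address as observed by the external feed
    classification: str  # what the feed says that address is
    last_seen: datetime  # when the feed last saw it behaving that way


def correlate(inventory, nat_map, feed, now, max_age=timedelta(days=7)):
    """Join fresh proxy-exit feed hits against the inventory via the NAT map.

    Returns alerts ordered high -> medium -> investigate, then by public IP.
    """
    by_ip = {a.ip: a for a in inventory}
    alerts = []
    for hit in feed:
        if hit.classification not in PROXY_CLASSES:
            continue
        if now - hit.last_seen > max_age:
            continue  # stale: the IP may have moved on since the observation
        internal = nat_map.get(hit.ip)
        asset = by_ip.get(internal) if internal else None
        if asset is None:
            sev = "investigate"
            why = "proxy exit seen on our egress address with no inventory match"
        elif asset.kind in UNMANAGED_IOT:
            sev = "high"
            why = f"{asset.kind} with no agent is a live {hit.classification}"
        else:
            sev = "medium"
            why = f"managed {asset.kind} classified as {hit.classification}; check for proxyware"
        alerts.append({
            "severity": sev,
            "public_ip": hit.ip,
            "internal_ip": internal,
            "asset": asset.kind if asset else None,
            "reason": why,
        })
    order = {"high": 0, "medium": 1, "investigate": 2}
    alerts.sort(key=lambda a: (order[a["severity"]], a["public_ip"]))
    return alerts


# Constructed sample data on documentation ranges. Not real inventory or feed.
NOW = datetime(2025, 7, 1, tzinfo=timezone.utc)

INVENTORY = [
    Asset("10.20.0.7", "smart_tv", managed=False),
    Asset("10.20.0.40", "workstation", managed=True),
    Asset("10.20.0.50", "server", managed=True),
]

# Assumed 1:1 static NAT (or a per-device routable address).
NAT_MAP = {
    "203.0.113.7": "10.20.0.7",
    "203.0.113.40": "10.20.0.40",
    "203.0.113.50": "10.20.0.50",
}

FEED = [
    FeedHit("203.0.113.7", "residential_proxy", NOW - timedelta(days=1)),     # the TV
    FeedHit("203.0.113.40", "residential_proxy", NOW - timedelta(days=30)),   # stale
    FeedHit("203.0.113.40", "vpn", NOW - timedelta(days=1)),                  # not a proxy class
    FeedHit("203.0.113.50", "proxy_exit", NOW - timedelta(hours=6)),          # managed host
    FeedHit("203.0.113.99", "residential_proxy", NOW - timedelta(days=2)),    # unknown to NAT map
]

if __name__ == "__main__":
    for alert in correlate(INVENTORY, NAT_MAP, FEED, NOW):
        print(alert)
```

The severity split follows the page's logic: an unmanaged TV that the feed says is a commercial exit has no host-side evidence to collect, so it goes straight to containment, while a managed host with the same classification still has an agent that can name the process.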

There is no patch because there is no defect to fix. The SDK is signed. It is in the store. It passed review. The consent string exists, somewhere, inside a EULA the user scrolled past at setup. The residual exposure is structural, not version-bound. Every monetization SDK a developer integrates is code from an untrusted control sphere executing with the host app’s network identity, and the only enforcement point that holds is egress. Removing one named SDK does not change the model. The next vendor pays the same per-gigabyte rate for the same primitive.

The Australian framing is direct. Under the SOCI Act, a smart TV inside a critical-infrastructure operator’s environment that silently becomes a third-party egress point is an uncontrolled data pathway on a regulated network, and the operator carries the obligation to know it is there. Privacy Act exposure attaches the moment relayed sessions share a network path with systems holding personal information, because that egress is now co-resident with an unknown party. The control is network segmentation and egress allow-listing for every IoT and unmanaged device, paired with continuous comparison of internal egress IPs against residential-proxy classification feeds. A device that cannot run an agent and cannot be inspected has exactly one source of evidence - its traffic - and that traffic has to be collected and validated before the device is trusted to reach anything beyond its named endpoints. If an active enrolment is confirmed on a production segment, it routes to the security team for containment, not to a help-desk ticket.

The vulnerability was never the TV. It was the developer’s assumption that an SDK does only what its documentation claims.

