When security teams catalogue the devices on their corporate network, Smart TVs are unlikely to be prominent on the list. They are AV equipment — the province of facilities management, not information security. They have an IP address. They are on the corporate LAN, or the guest network if someone thought to segment them. And they are running a full Android or Tizen operating system with access to an application store, connected to the internet, receiving software updates (or not) from the TV manufacturer’s infrastructure.
The research disclosed this week — showing free apps silently enrolling Smart TVs as residential proxy exit nodes — is a useful prompt for reconsidering what category Smart TVs belong in. They are not AV equipment in any meaningful security sense. They are network-connected general-purpose computers running proprietary operating systems, with app stores of variable curation quality, managed by a different team from the people responsible for network security.
The Proliferation Problem
Smart TVs have proliferated into enterprise environments in ways that desktop computers and laptops did not: they entered through procurement channels that bypass security review. A facilities manager buys Smart TVs for conference rooms. An executive requests a display for their office. A hotel room has a Smart TV that a travelling employee connects to with their corporate WiFi credentials in order to use the Netflix app. Each of these is a network-connected device with an operating system, running applications, and participating in network traffic — and none of them were subject to the security review that would apply to a new laptop model.
The number of Smart TV devices on most enterprise networks significantly exceeds what security teams would estimate. An organisation with 1,000 employees and 100 conference rooms has at least 100 Smart TVs. If those devices are on the corporate LAN rather than a dedicated IoT VLAN, they have the same network access as any other corporate endpoint — and none of the endpoint security controls.
What the Proxy SDK Does
The proxy SDK embedded in free Smart TV apps is doing something that security teams would immediately recognise as a security incident if it happened on a managed corporate laptop: it is routing third-party network traffic through the corporate network, using the corporate IP address as an exit node, without authorisation.
The traffic being routed is predominantly AI web scraping. Some proxy network subscribers use residential IPs to bypass rate limiting on news sites and e-commerce platforms. Others use them to access platforms that block datacentre IP ranges. The enterprise’s corporate IP address is not just a home connection being abused — it is a reputation-sensitive network identity that can be flagged as a proxy exit node, potentially affecting the organisation’s ability to access services that block known proxy IP ranges.
More concerning: the proxy SDK routes arbitrary HTTPS traffic. The enterprise cannot inspect what is transiting through the enrolled device without breaking TLS — the same constraint that limits inspection of any encrypted corporate traffic. The device is an unaudited tunnel for traffic of unknown origin and destination.
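Because the relayed traffic is encrypted, the practical signal a defender has is flow metadata: a TV streaming video talks to a handful of CDN endpoints, while an enrolled exit node relays traffic to many unrelated hosts. The following is an added example, not code from the article or from any vendor, that applies that fan-out heuristic to constructed flow records; the record format, the inventory mapping, the 443-only filter and the threshold of 25 distinct destinations are all assumptions.

```python
# Added example (not from the article): flag inventoried Smart TVs whose
# outbound HTTPS fan-out looks like residential-proxy exit-node behaviour.
# Assumptions: flow records are "timestamp src_ip dst_ip dst_port bytes" lines,
# and the asset inventory maps TV IPs to a label. Sample data is constructed.
from collections import defaultdict

# Constructed asset inventory: IPs that facilities registered as conference-room TVs.
TV_INVENTORY = {"10.20.5.11": "Boardroom TV", "10.20.5.12": "Room 4B TV"}

# Constructed flow log: the first TV talks to two CDN endpoints; the second
# fans out to forty unrelated destinations on 443, as a relay would.
SAMPLE_FLOWS = """\
2024-06-01T09:00:01 10.20.5.11 203.0.113.10 443 52000
2024-06-01T09:00:05 10.20.5.11 203.0.113.11 443 48000
2024-06-01T09:00:09 10.20.5.11 203.0.113.10 443 61000
""" + "".join(
    f"2024-06-01T09:01:{i:02d} 10.20.5.12 198.51.100.{i} 443 900\n" for i in range(40)
)

def parse_flows(text):
    """Yield (src, dst, port) tuples from whitespace-separated flow lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records rather than abort the whole run
        _, src, dst, port, _ = fields
        yield src, dst, int(port)

def find_proxy_like_tvs(text, inventory=TV_INVENTORY, fanout_threshold=25):
    """Return {tv_ip: distinct_destination_count} for inventoried TVs whose
    number of distinct HTTPS destinations reaches the threshold (assumed value)."""
    destinations = defaultdict(set)
    for src, dst, port in parse_flows(text):
        if src in inventory and port == 443:
            destinations[src].add(dst)
    return {ip: len(d) for ip, d in destinations.items() if len(d) >= fanout_threshold}

if __name__ == "__main__":
    for ip, count in find_proxy_like_tvs(SAMPLE_FLOWS).items():
        print(f"{TV_INVENTORY[ip]} ({ip}): {count} distinct HTTPS destinations")
```

The threshold should be tuned against a baseline of the site's own TVs, since streaming and update traffic varies by vendor and app mix.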
The Governance Gap
The gap here is not primarily technical. Network segmentation solves the corporate network exposure problem — Smart TVs on a dedicated IoT VLAN with internet access but no corporate LAN routing cannot become an insider pivot point even if they are enrolled in a proxy network. The gap is governance: the decision that Smart TVs belong in a managed, segmented network zone requires someone to make that decision, own it, and enforce it through the facilities and AV procurement process.
Most enterprises have not made that decision explicitly. The default is implicit: Smart TVs end up wherever they are installed, on whatever network jack is in the room, managed by whoever bought them.
The proxy story gives that governance decision a concrete threat model. A Smart TV on the corporate LAN, running free apps that include proxy SDKs, is participating in commercial proxy infrastructure from inside the corporate network perimeter. That is worth deciding about deliberately, rather than by default.