Plume Uncovers SuperBox Streaming Devices Running Hidden Proxy Networks
Event summary
- Plume's investigation found SuperBox streaming devices contain dormant software that turns them into nodes in a residential proxy network, routing harmful traffic through home networks without user consent.
- The hidden proxy software, Popanet, was discovered in the Cyberflix TV app available through SuperBox's custom app store, which installs software silently with full administrative privileges.
- Plume mapped over 250 proxy server addresses and found the proxy network routing sensitive credentials, account takeover materials, and enterprise security bypass operations.
- The investigation revealed a security flaw in the proxy's code that exposes the home network, potentially extending the compromise beyond the device.
The big picture
Plume's findings highlight the growing complexity of connected homes, which increasingly resemble corporate networks in the security threats they face. The investigation underscores the critical role ISPs play in detecting and resolving such issues, using their unique vantage point and comprehensive datasets. The discovery of hidden proxy networks in consumer devices raises broader concerns about the security of the streaming ecosystem and the potential for similar vulnerabilities in other products.
What we're watching
- Security Risks
  - How the discovery of hidden proxy networks in consumer devices will impact ISPs' approach to home network security and the potential for similar vulnerabilities in other streaming devices.
- Regulatory Scrutiny
  - Whether this investigation will prompt regulatory action against the sale and use of devices with hidden proxy networks, and how ISPs may be required to respond.
- Industry Collaboration
  - The pace at which ISPs and cybersecurity firms collaborate to detect and block threats originating from consumer devices, leveraging AI and large-scale network orchestration.