Your smart TV, streaming box, projector, or other internet-connected home device may be doing more than playing movies. The FBI has warned that cybercriminals are compromising connected devices and using them to route illegal internet traffic through ordinary home networks. In plain terms, your home internet connection could be rented out or abused by criminals without you knowing.
The warning focuses on residential proxy networks and botnets that hijack home and small-business internet connections. In a March 2026 public service announcement, the FBI warned about residential proxy networks, explaining that criminals use these networks to hide their real identities and locations by routing traffic through innocent people’s home internet connections.
A separate FBI warning about home internet connected devices facilitating criminal activity described how cybercriminals exploit Internet of Things devices, including TV streaming devices, digital projectors, aftermarket vehicle infotainment systems, digital picture frames, and similar products, to grow the BADBOX 2.0 botnet.
How a Smart TV Becomes a Criminal Tool
The scam does not usually begin with a criminal physically entering your home network. It often starts with a cheap or poorly secured internet-connected device. Some devices may come with malware already installed. Others may become infected through shady apps, pirated streaming services, fake updates, malicious software, or weak default settings.
Once compromised, the device can quietly connect to a command-and-control network. From there, criminals can use the device as a proxy. That means their traffic appears to come from your home IP address instead of theirs.
This is valuable to criminals because residential internet addresses look more trustworthy than known data-center servers. Fraudsters can use residential proxies to hide account takeovers, fake sign-ups, ad fraud, payment fraud, credential stuffing, malware delivery, spam, scraping, and other crimes.
To the outside world, the activity may appear to come from your household. That is what makes the warning so serious.
What Is a Residential Proxy Network?
A residential proxy network is a system that routes internet traffic through real home internet connections. Some proxy services are marketed for legitimate business uses, such as testing websites from different regions or gathering public data. But the same technology can be abused by criminals.
When a criminal uses a residential proxy, websites, banks, retailers, and security systems may see the request as coming from a normal home user rather than a suspicious server. This helps criminals bypass fraud controls, hide location, evade bans, and make automated attacks harder to detect.
The FBI says cyber threat actors use residential proxies to conduct illicit activity while hiding their real identity and location. If your device becomes part of that network, your internet connection becomes part of the disguise.
Why Smart TVs and Streaming Devices Are Attractive Targets
Smart TVs and streaming devices are attractive because they are always online, often rarely updated, and usually not monitored closely. People notice when a laptop slows down or a phone behaves strangely. They may not notice when a streaming box quietly sends traffic in the background.
Many low-cost streaming devices run versions of Android or Android-based software. Some are sold through online marketplaces at prices that seem too good to be true. They may offer free movies, free premium channels, or unlocked streaming apps. That convenience can hide serious security risk.
The Electronic Frontier Foundation’s analysis of the FBI warning on IoT devices noted that some compromised devices can act as network proxies, potentially making innocent owners appear connected to criminal activity. The risk is especially concerning because some malware may come pre-installed before the buyer even plugs the device in.
The BADBOX 2.0 Connection
BADBOX 2.0 is one of the botnets named in the FBI warning. A botnet is a network of compromised devices controlled by cybercriminals. Instead of using one hacked computer, criminals use thousands or millions of infected devices spread across homes and businesses.
The FBI said BADBOX 2.0 has involved compromised IoT devices such as TV streaming boxes, digital projectors, aftermarket vehicle infotainment systems, and digital picture frames. These devices can be used to conduct criminal activity, including fraud and other cyber operations.
Security outlet The Record reported that the BADBOX campaign infected millions of connected devices worldwide and that the resulting botnet was being exploited for criminal activity. The case shows how ordinary consumer electronics can become part of a global cybercrime infrastructure.
Why Cheap Devices Can Be Riskier
A bargain streaming box may look harmless, but some cheap off-brand devices have weak security, outdated software, unknown supply chains, or hidden malware. A device sold online may not have reliable manufacturer support, security updates, or transparent software controls.
Some products are designed to attract buyers with free or pirated content. That alone is a warning sign. A device or app promising unlimited paid channels for free may be making money another way. That other way could be ad fraud, data collection, malware installation, or turning your internet connection into a proxy for strangers.
The safest rule is simple: when a device offers expensive services for free with no clear business model, you may be the product.
How Criminals Can Profit From Your Internet
Criminals and shady proxy operators can monetize compromised home devices by renting access to them. Instead of directly hacking every target from their own servers, criminals buy access to residential IP addresses. Your home connection becomes one of the exits.
That access can be used for fake account creation, payment fraud, credential attacks, spam campaigns, scraping, bypassing geographic restrictions, and hiding the source of malware. In some cases, proxy networks may be used to support more serious crimes.
Reuters reported that Google, working with the FBI and Lumen, disrupted the NetNut residential proxy network after it was allegedly used in malware operations. That case showed how large residential proxy systems can become part of broader cybercrime ecosystems.
Why This Puts Innocent Users at Risk
If criminals route traffic through your home internet connection, the first digital trail may point to you. That does not mean you committed a crime, but it can create serious problems. Your IP address could appear in fraud logs, abuse reports, account attacks, or law enforcement investigations.
You may also face practical consequences. Websites may block your IP address. Streaming services, banks, email platforms, or shopping sites may trigger extra verification. Your internet service provider may send abuse notices. Your connection may slow down or hit data caps faster.
Even if no one knocks on your door, a compromised device can still cost you privacy, bandwidth, trust, and security.
Warning Signs Your Device May Be Compromised
Compromised smart TVs and streaming devices can be hard to detect because they often keep working normally. Still, there are clues. Your internet may slow down without explanation. Your router may show heavy traffic from a device that should be idle. The device may overheat, crash, reboot, show strange pop-ups, or install unfamiliar apps. Your network may be flagged by websites as suspicious.
Another warning sign is a device that cannot receive security updates or has no clear manufacturer support. If a product has unknown branding, no official update path, or vague documentation, it may be risky.
The FBI recommends checking home devices for signs of compromise and disconnecting suspicious devices from the network. If a device behaves strangely or cannot be updated, it may be safer to remove it completely.
What You Should Do First
The first step is to inventory your connected devices. Many homes have more internet-connected products than people realize. Smart TVs, streaming sticks, projectors, cameras, speakers, thermostats, doorbells, picture frames, printers, routers, tablets, gaming consoles, and even car accessories may connect to Wi-Fi.
Open your router app or admin page and look at connected devices. Rename known devices so you can recognize them. If something unfamiliar appears, investigate it. If a device is old, unsupported, or suspicious, disconnect it.
This simple check can reveal forgotten devices still sitting on the network long after anyone uses them.
Update Everything You Can
Updates matter because manufacturers patch security flaws over time. Smart TVs, streaming devices, routers, and apps should be updated regularly. If automatic updates are available, turn them on.
Routers are especially important because they manage the whole home network. Change the default router password, use strong Wi-Fi encryption, and install firmware updates. If your router is old and no longer supported, replacing it may be one of the best security upgrades you can make.
The Cybersecurity and Infrastructure Security Agency recommends keeping software updated, using strong passwords, enabling multifactor authentication where available, and being cautious about suspicious software and links. Those basics apply to smart-home devices too.
Avoid Pirated Streaming Apps
Pirated streaming apps and “free TV” services are a major risk. Some may ask you to sideload apps outside official stores. Others may require strange permissions or install unknown software. Once installed, malicious apps may run quietly in the background.
If an app promises free access to paid sports, movies, premium channels, or subscription services, treat it as dangerous. Criminals use piracy as bait because people are willing to bypass normal security steps to get free content.
Using official app stores and trusted streaming services is not perfect protection, but it greatly reduces risk compared with installing unknown APK files or modified apps from random websites.
Separate Smart Devices From Sensitive Devices
A useful security step is to put smart-home devices on a guest network or separate Wi-Fi network. That way, if a smart TV or streaming box is compromised, it has less access to laptops, phones, work devices, storage drives, and other sensitive systems.
Many modern routers allow guest networks. Some also support device isolation, which prevents devices on the same network from communicating with each other. This can limit damage if one device becomes infected.
This is especially important for people who work from home, handle financial data, run small businesses, or store sensitive files on home computers.
Check App Permissions
Smart TVs and streaming devices often include apps that request permissions. Some permissions make sense. A video app may need network access. A voice assistant may need microphone access. But unnecessary permissions should be treated carefully.
Remove apps you no longer use. Disable features you do not need. Avoid apps from unknown developers. If a device allows sideloading, keep it disabled unless you have a strong reason and understand the risk.
The fewer unnecessary apps and permissions a device has, the smaller its attack surface becomes.
Replace Devices That Cannot Be Trusted
Some devices are not worth saving. If a streaming box is unbranded, cannot be updated, came preloaded with suspicious apps, or was advertised for pirated content, it may be better to disconnect and replace it with a reputable product.
The same applies to old smart TVs that no longer receive updates. If you cannot update the TV itself, you can reduce risk by disconnecting its internet connection and using a trusted external streaming device that still receives security patches.
A cheap device can become expensive if it exposes your network to criminal traffic.
Why Smart TVs Are Also a Privacy Issue
Even when smart TVs are not infected with malware, they collect and transmit data. Many smart TV platforms track viewing habits, app usage, device identifiers, advertising data, and sometimes content recognition signals.
A research paper titled The TV is Smart and Full of Trackers found that smart TV apps and platforms frequently connect to advertising and tracking services. That research focused on privacy, not criminal proxy abuse, but it reinforces the same point: smart TVs are active internet devices, not passive screens.
If a device is connected to the internet, it deserves the same security attention as a phone or computer.
What to Do If You Suspect Infection
If you suspect a device is compromised, disconnect it from the internet immediately. Unplug it or remove it from Wi-Fi. Then change your router and Wi-Fi passwords from a trusted computer or phone. Reboot your router and check for firmware updates.
Factory resetting the device may help, but it is not always enough if malware is embedded deeply or pre-installed in firmware. For suspicious off-brand devices, replacement may be safer than reset.
You can also contact your internet service provider if you receive abuse warnings or notice unusual traffic. If you believe your network was used in fraud or cybercrime, you can report it to the FBI Internet Crime Complaint Center.
Why This Problem Is Growing
The smart-home market keeps expanding. Every connected device adds convenience, but also adds a possible attack point. Many consumers do not think of TVs, projectors, and picture frames as computers, but that is exactly what they are.
Cybercriminals like devices that are cheap, widely distributed, always online, rarely monitored, and poorly updated. Smart TVs and streaming boxes fit that profile too often.
As residential proxy networks become more valuable to criminals, home devices will remain attractive targets. The threat is not only about stealing your password. It is also about stealing the reputation of your internet connection.
Final Takeaway
The FBI is warning that compromised smart TVs, streaming devices, projectors, and other connected home electronics can be used to route criminal traffic through ordinary home internet connections. These devices may become part of residential proxy networks or botnets, allowing criminals to hide behind innocent users’ IP addresses.
The risk is highest with cheap, off-brand, poorly supported devices, suspicious “free streaming” products, pirated apps, and devices that cannot receive updates. Once compromised, a device may continue working normally while quietly helping criminals commit fraud, hide malware activity, or bypass security systems.
The safest response is practical. Check your connected devices, update firmware, avoid pirated streaming apps, change default passwords, use reputable brands, put smart devices on a guest network, and disconnect anything suspicious. Your smart TV may look like entertainment equipment, but once it connects to the internet, it becomes part of your home’s security perimeter.