Plume Security Labs Uncovers Alarming Proxy Network in SuperBox Streaming Devices Affecting Home Networks

Alarming Discovery by Plume Security Labs



In a recent investigation, Plume Security Labs has unveiled significant vulnerabilities within SuperBox streaming devices that could compromise the security of countless households across the United States. These devices, which are widely available at major retailers, have been found to contain hidden proxy software capable of routing potentially harmful internet traffic through users' home networks. This alarming finding raises serious concerns about cybersecurity in the era of advanced smart home technologies and interconnected devices.

SuperBox devices, designed for streaming media, were found to have dormant software that, when activated, turns the user's home internet connection into a part of a residential proxy network — referred to as SuperProxy. This proxy silently routes traffic from unknown third parties, including sensitive data such as stolen credentials and information potentially used in operations to bypass enterprise security, without the consumer's consent.

The Investigation Unfolds



The report published by Plume details a thorough investigation triggered by anomalous outbound traffic observed from a high volume of these streaming devices. The noticeable spike in data transfer caused residential network instability, prompting Plume's Security Labs to delve into the issue. Through months of examination, they discovered that thousands of SuperBox devices were relaying a staggering number of daily outbound connections, effectively turning them into conduits for malicious third-party traffic.

According to Chris Griffiths, CTO of Plume, the average connected home has become increasingly complex, resembling a corporate network in its potential vulnerabilities. With ISPs (Internet Service Providers) now positioned uniquely to detect and mitigate such threats, Griffiths advocates leveraging artificial intelligence and expansive network resources to preemptively identify and address anomalies, ensuring consumer safety.

Key Findings from the Research



1. Secret Proxy Activation: One of the streaming applications within SuperBox, known as Cyberflix TV, contains hidden proxy software named Popanet. Once activated, this software registers the device with a remote command server, beginning the process of relaying foreign internet traffic. Plume’s analysis highlighted that each device made tens of thousands of outbound connections daily.

2. Sensitive Data Compromise: Researchers intercepted traffic flowing through the proxy, revealing sensitive information, including login credentials for various platforms and verification codes that could facilitate account takeovers. This data showed that consumer broadband connections were involved in harmful online activities without their owners' knowledge.

3. Mapping the Proxy Network: Plume’s team successfully reverse-engineered Popanet's command and control protocol, mapping over 250 verified proxy server addresses across multiple hosting providers, indicating a sophisticated operation.

4. Exposed Home Network Vulnerabilities: The software’s design actively attempts to obscure access to the local network. However, a flaw has been identified that allows remote proxy users to access local network services, representing a severe vulnerability that could extend the breach beyond the streaming device itself.

5. Bypassing Security Protocols: The SuperBox's custom app store permits silent installation of applications with full administrative privileges, overriding standard Android safety checks. This undermines user control over device security and opens the door for further exploitation.

Moving Forward: The Next Steps



Plume is committed to identifying and isolating these proxy operations, contributing valuable intelligence to its ISP partners. The investigation's findings showcase the increasing need for vigilance and proactive measures in consumer device security.

This inquiry is only the beginning; it is the first installment of a series aimed at exploring and exposing hidden security issues within SuperBox devices. Future parts will delve deeper into the malware ecosystem leveraging these vulnerabilities, and reveal how Plume is empowering ISPs to better protect their consumers.

Plume Design, established in 2016 as a pioneer in managed Wi-Fi for ISPs, continues to grow as a leader in subscriber experience, maintaining over 500 million connected devices in 58 countries. Its open-source framework and artificial intelligence innovations help in cultivating safer and better-connected homes worldwide.

For those concerned about their streaming devices and online safety, this report underscores the critical importance of cybersecurity vigilance in every connected home.

Discover More


To read the full research paper from Plume's Security Labs, visit Plume’s official website.
