A cheap streaming box or digital photo frame ordered off a major marketplace looks like a low-stakes purchase, the kind of impulse buy that gets unboxed, plugged in and forgotten. New testing suggests some of those devices are doing far more than displaying vacation photos or streaming shows. They are quietly turning a household’s own internet connection into a tool for someone else’s criminal activity, without the owner ever noticing.
The discovery centers on a category of budget connected devices sold through two of the country’s largest online marketplaces, and it points to a gap in oversight that consumers have little practical way to detect on their own.
What testing uncovered
According to reporting from Tech Times, journalists purchased five budget connected devices from Amazon and Walmart in June 2026, two digital photo frames and three streaming “super boxes,” all priced under $800 combined. Every one of the five arrived from the factory with hidden software already installed, and that software began routing outside internet traffic through the buyers’ home connections almost immediately after setup.
The mechanism at work is known as a residential proxy network. Rather than a criminal’s own internet connection showing up in any investigative trail, the traffic is bounced through an ordinary household’s IP address instead, making illicit activity, from fraud to distributed denial-of-service attacks, appear to originate from an innocent home rather than the person actually responsible. Criminal operators pay for access to networks built this way precisely because a residential IP address is far less likely to be flagged or blocked than one traced to a known data center or hosting provider.
The scale of the problem
The report cites an estimate that roughly 20 million U.S. homes could be affected by this category of pre-compromised device. That figure reflects the scale of the budget connected-device market rather than a device-by-device audit of every product sold, but it lines up with warnings the FBI itself has already issued. The bureau confirmed this threat category in formal public service announcements released in January and March of 2026, flagging home internet-connected devices as a vector criminals are actively exploiting to route illegal traffic through residential networks nationwide.
Investigators who examined the affected devices found that most of the hardware involved was manufactured in China, though the reporting stops short of asserting that manufacturing origin alone explains the compromise; supply chains for budget electronics routinely pass through many hands between factory and marketplace listing, and any one of those points could introduce hidden software before a device ever reaches a customer.
Why marketplace oversight is falling short
Perhaps the most striking finding in the reporting is not the existence of compromised devices but the apparent absence of any system to catch them before they reach buyers. Neither Amazon nor Walmart has a verification process that checks the software contents of connected devices sold through their third-party marketplaces prior to those products shipping to customers. That gap means a device can be listed, sold and delivered with criminal proxy software already embedded, and no party in the transaction, not the marketplace, not the buyer, is positioned to catch it before it is plugged in and connected to a home network.
Third-party marketplace models, which allow independent sellers to list and ship products with minimal platform-level inspection, have long been criticized for enabling counterfeit goods and unsafe products to reach consumers. This reporting extends that criticism into a new category: connected devices that function normally on the surface, displaying photos or streaming video exactly as advertised, while running compromised software in the background that a typical buyer has no way to detect through ordinary use.
What the FBI has told consumers to do
Federal investigators have offered concrete guidance for people concerned about whether their home network has been drafted into one of these criminal proxy operations. The bureau’s public alerts recommend that consumers scrutinize unusually cheap connected devices, particularly ones sold by unfamiliar third-party sellers, and watch for signs of a compromised network such as unexplained slowdowns, unfamiliar devices appearing on a home router’s connected-device list, or unexpected spikes in data usage.
Beyond the FBI’s own guidance, the reporting notes that a security firm called Spur offers a free public tool that lets anyone check whether their home network’s current IP address is registered as an active residential proxy node, giving consumers a way to test their own connection without needing specialized technical expertise. Checking a router’s administrative panel for unrecognized connected devices remains one of the more accessible steps an average household can take, alongside keeping router firmware updated and changing default administrative passwords, a step many consumers skip entirely when setting up new hardware.
The broader stakes for connected-device buyers
The findings arrive as the volume of low-cost connected devices sold through online marketplaces continues to climb, from photo frames and streaming boxes to smart plugs, cameras and other Internet of Things hardware marketed on price above all else. Each additional category of cheap connected hardware represents another potential entry point into a home network, and the FBI’s repeated public warnings on this specific threat, issued twice in the first several months of 2026 alone, suggest federal investigators consider the problem to be both active and growing rather than an isolated incident tied to a handful of bad-faith sellers.
For consumers, the practical takeaway is less about avoiding smart-home technology altogether and more about treating unusually cheap, unbranded connected devices with the same skepticism typically reserved for suspicious emails or unfamiliar phone calls. A device that streams video or displays photos exactly as promised can still be doing something else entirely once it is connected to a home’s Wi-Fi, and until marketplaces build in the kind of verification that currently does not exist, that risk falls almost entirely on the buyer to manage.
Morning Overview produced this article with AI assistance and reviewed it against the cited sources.
More from Morning Overview
- An 80-foot stepped pyramid off Japan may predate every civilization we can name
- A common blood-pressure pill may be quietly speeding kidney damage in diabetics
- A skeleton beneath Petra’s Treasury was found clutching a chalice that resembles the Holy Grail
- Clues keep emerging that an advanced civilization may predate recorded history