
Kodi is a powerful and free home theatre application that is becoming more popular each day. People now install it on almost everything, from TV sticks and Android TV boxes to Windows, iPad, Nvidia Shield and Chromecast.
Kodi is open-source and legal, and you can freely download and install it on whichever device you want. Volunteers usually maintain Kodi, and they do a great job. However, it is too much to ask them to account for scenarios where hackers may try to take advantage of the work they do. Here are some of the precautions you need to take into account when using Kodi add-ons.
Man-in-the-Middle Attacks
When you launch Kodi, it checks for new updates for all the installed add-ons and downloads them if necessary. The whole process happens over unencrypted HTTP. This implies that an attacker can intercept the traffic and send a malicious add-on to the user. This is referred to as a man-in-the-middle attack, and it is both simple to pull off and very common. Once the malicious add-on is in place, it can execute Python code.
You can mitigate such attacks with a VPN but not prevent them fully. A VPN will encrypt the traffic between the VPN server and your device, which prevents such hacks. There is, therefore, little chance that the attacker can intercept traffic between the add-on repository and the VPN server.
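As an added example (not code from Kodi or from this article), the following Python script lists which installed repository add-ons fetch their update index, checksum or packages over plain HTTP, the condition described above. It assumes that repository add-ons declare these URLs in `info`, `checksum` and `datadir` elements under an `xbmc.addon.repository` extension in `addon.xml`; the sample XML and the function names are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET
from pathlib import Path
from urllib.parse import urlparse

# Elements assumed to carry a repository's update URLs in addon.xml.
URL_TAGS = {"info", "checksum", "datadir"}

# Constructed sample, not a real repository.
SAMPLE = b"""<addon id="repository.example" name="Example" version="1.0.0">
  <extension point="xbmc.addon.repository">
    <dir>
      <info>http://repo.example.invalid/addons.xml</info>
      <checksum>https://repo.example.invalid/addons.xml.md5</checksum>
      <datadir zip="true">http://repo.example.invalid/zips/</datadir>
    </dir>
  </extension>
  <extension point="xbmc.addon.metadata"><summary>sample</summary></extension>
</addon>"""

def insecure_urls(addon_xml):
    """Return (addon_id, [(tag, url), ...]) for update URLs using plain http."""
    root = ET.fromstring(addon_xml)
    hits = []
    for ext in root.iter("extension"):
        if ext.get("point") != "xbmc.addon.repository":
            continue
        for el in ext.iter():  # covers both nested <dir> and flat layouts
            url = (el.text or "").strip()
            if el.tag in URL_TAGS and urlparse(url).scheme.lower() == "http":
                hits.append((el.tag, url))
    return root.get("id", "unknown"), hits

def audit_addons_dir(addons_dir):
    """Scan <addons_dir>/*/addon.xml; map add-on id -> plain-http URLs."""
    report = {}
    for path in sorted(Path(addons_dir).glob("*/addon.xml")):
        try:
            addon_id, hits = insecure_urls(path.read_bytes())
        except ET.ParseError:
            report[path.parent.name] = [("unparseable", str(path))]
            continue
        if hits:
            report[addon_id] = hits
    return report

if __name__ == "__main__":
    # Pass the Kodi add-ons directory as the first argument; without one,
    # the constructed sample is checked instead.
    result = audit_addons_dir(sys.argv[1]) if len(sys.argv) > 1 else dict([insecure_urls(SAMPLE)])
    for addon_id, hits in result.items():
        for tag, url in hits:
            print(f"{addon_id}: <{tag}> {url}")
```

A repository that appears in the output is one whose updates can be tampered with in transit; an `https` checksum URL alone does not help if the packages themselves are still fetched over `http`.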
Devices with Pre-Installed Kodi
Installing Kodi is relatively simple on devices that support it, but some prospective users may choose to forgo the hassle and buy devices with Kodi pre-installed. Such users need to be very wary, since such devices may contain backdoors that hackers can take advantage of. It would be difficult to remove those exploits if you bought an off-brand Kodi box with Kodi pre-installed. The best thing to do is wipe the system completely and reinstall everything from the OS on up.
Malicious Add-ons
This is the biggest threat to Kodi users. The basic Kodi software on its own does not contain any content, and its official repository is limited. A majority of users stream video through unofficial third-party add-ons. Since these are not sanctioned by Kodi, they do not undergo any inspection. Malicious add-ons can execute code on your PC to escalate privileges, install malware and steal data. Stick to well-reviewed, popular add-ons and repositories, as savvy users are likely to spot vulnerabilities and inform the public.
ISP Snooping
Most Kodi add-ons stream from legally questionable sources. These include torrents, live IPTV streams and unsanctioned streaming sites. Copyright trolls and other entities working for rights holders may therefore be monitoring torrents and links for the IP addresses of Kodi users. After gathering hundreds of IP addresses, they can choose to contact the ISP hosting the IP addresses. The ISP can then choose to throttle the user’s bandwidth, ask the user to stop using Kodi or email the user a settlement letter for compensation.