Kodi Hardware Add-on Users, Mostly At Risk With Malware
Kodi used to be a software-only solution that provides a user seeking to share media in a certain geographic area seamless, but the people behind the software went ahead and supplied their patrons with hardware version. This lessened the need for someone to have the technical expertise in setting up a separate PC for media consumption and sharing for the home/neighborhood. Making Kodi just like any other appliance for the home, commoditization brings a bad problem of malware infection, however.
More and more security and privacy organizations distrust the makers of Kodi the software, let alone its appliance counterpart. The Digital Citizen Alliance (DCA) has nothing but the bad comment about Kodi’s hardware, especially of it allegedly being the centerpiece of piracy in the neighborhood. As per their study, Kodi Box, they gray market $100 machine is a dream piracy device of the 270 Americans they have surveyed, but at the same time at risks with a malware infection.
The Kodi software itself, open-source software is not designed for piracy but rather just a tool for sharing content. But most of the users were not keen on checking if the content being shared and used through the software is legal or not.
“By plugging the device into a home network, [users] are enabling hackers to bypass the security designed to protect their system. If apps on the box or that are later downloaded have malware, the user has helped the hacker past network security. (We) uncovered a clever scheme that enabled criminals to pose as well-known streaming sites, such as Netflix, to facilitate illegal access to a legitimate subscription of an actual Netflix subscriber,” explained a Digital Citizens Alliance representative.
DCA has partnered with an IT Security firm, Group sense to monitor black market sales. The latter found evidence of hacker group discussing amongst themselves the feasibility of tapping to Kodi in order to propagate their malware, expand their botnet and the chances of successfully planting a crypto jacking malware to the computers of the victims while sharing content.
Kodi is an open-source software can be extended beyond the features the authors provided it by default. Some versions of Kodi were deliberately rebuilt to include capabilities to attempt a DoS attack against a certain target chosen by the hacking groups. XBMC, the developers of Kodi strongly deny the accusation that their creation is the culprit for helping expand malware infection. XBMC also highlighted the fact that they do not support platform expansion to original Kodi. Such add-on products are creations of their respective vendors and XBMC was not in any way involved with the development of those add-ons, hardware or software.
“If you are selling a box on your website designed to trick users into thinking broken add-ons come from us and work perfectly, so you can make a buck, we’re going to do everything we can to stop you,” said an XBMC representative.
The bottom line, the choice of using Kodi’s unofficial extensions and hardware add-ons is the responsibility of the user. If they purchase those unsupported products, XBMC cannot be blamed for any issue arising for the use of those products.
Kevin Jones951 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.