Illegal Kodi plugins may compromise your personal security
Illegal Kodi plugins may compromise your personal security
Certain third-party add-ons used to find pirated material may no longer be trustworthy.
Charlie Osborne
By Charlie Osborne for Zero Day | July 26, 2017 -- 10:29 GMT (03:29 PDT) | Topic: Security
If you've been taking advantage of third-party Kodi add-ons to find pirated content, the trust you have placed in this software may now place your personal privacy and security at risk.
screen-shot-2017-07-26-at-11-27-59.jpg
TVAddons, once one of the most popular add-on services which pulled television shows, films, and other copyrighted content sources together for quick and easy streaming at home, was closed and went offline last month.
Peer-to-peer sharing software and torrents used to be the main focus of agencies and copyright holders, but with the ease of streaming services, TVAddons -- which catered for 40 million unique users in March alone and hosted 1,500 different add-ons -- also became a hot target for closure in an attempt to curb piracy.
Kodi, in itself, is a legal service. TVAddons, and a number of popular add-ons including Exodus which were hosted on the service's domains, however, may not have been -- depending on the licensing rules of the content searched for and streamed.
While former users may start looking for alternative means to stream pirated content now TVAddons appears to be dead in the water, it is not just access to content that pirates should be concerned about.
As reported by TorrentFreak, three domains previously operated by TVAddons are now under the control of a Canadian law firm.
TVAddons is currently being sued in Texas for copyright infringement, but no explanation for the shift has been forthcoming from the defunct company or lawyers involved in the case.
The problem lies deep. If you are in possession of a "fully loaded" Kodi device complete with add-ons which relied on the TVAddons domains for updates, as they are now in control of a legal entity, there can no longer be any trust in these domains.
Is Unsecured File Sharing Compromising Your Business?
White Papers provided by SolarWinds
Addons and updates are acquired by repositories -- so-called "repos" -- and permission is granted to make changes to a Kodi device. While the TVAddon domains are currently dormant, this can now change without any notice -- and the legal firm, or connected law enforcement, could theoretically use the domains as a channel to spy on Kodi users and their activities.
Speaking to the publication, Kodi project manager Nathan Betzen noted that as add-ons are little more than unsandboxed Python scripts, in theory, anything is now possible.
"If some malware author wanted, he could easily install a watcher that reports back the user's IP address and everything they were doing in Kodi," Betzen said. "If the law firm is actually an anti-piracy group, that seems like the likeliest thing I can think of."
The law firm in question has refused to answer questions related to the domain acquisition, and so since there is no protection in place for former TVAddon users, the most prudent thing to do in order to protect your privacy is to potentially remove all traces of the service from your streaming device, rather than risk a plugin going rogue