Kodi (formerly XBMC) is a free and open source media player application developed by XBMC/Kodi Foundation. Available for multiple operating systems and hardware platforms, Kodi is an amazing piece of software that lets you stream apps and on-demand services onto your TV. Users get to play and view videos, music, podcasts and other digital media files from local and network storage media and the internet. Over the past few years, Kodi has been gaining popularity mainly because of the ecosystem built around add-ons. However, now the very ecosystem that makes Kodi so popular is likely to pose serious security risks to users. Read on to find out more!
Kodi users stare at security risks after TVAddOns shutdown
TVAddOns, the unofficial library for piracy-friendly add-ons unexpectedly went offline about a month ago. TVAddOns featured around 1,500 unofficial Kodi add-ons allowing users to stream unauthorised TV shows, movies, sports, live TV and other content for free. In March alone, about 40 million users accessed their extensive library, as several Kodi Pirates relied on their regularly updated content for crucial add-on updates.
However, amidst strict measures being taken the world over to counter piracy, US satellite broadcaster Dish Network targeted TVAddons as well as Kodi add-on ZemTV in a copyright infringement lawsuit. Ever since the lawsuit was filed, TVAddOns has gone silent and remains inaccessible. And now, three domains previously operated by TVAddOns have been transferred to a law firm in Canada. While this looks seemingly unimportant, it may have far reaching security concerns.
According to reports, TVAddon’s domains are now under the control of a law firm. While there’s nothing to worry about as of now since the domains are currently inactive, Kodi Project Manager Nathan Betzen is concerned about security threats the current move will bring in. Technically, the person in-charge of the repos can do whatever they want to do and this raises serious security concerns.
“These are unsandboxed Python addons. The person [in control of] the repo could do whatever they wanted. You guys wrote about the addon that created a DDoS event. If some malware author wanted, he could easily install a watcher that reports back the user’s IP address and everything they were doing in Kodi. If the law firm is actually an anti-piracy group, that seems like the likeliest thing I can think of”, says Nathan Betzen.
It could also be that the law firm is holding the domains so as to prevent them from going live again. But the firm’s refusal to answer questions has everybody speculating about security threats. TVAddOns’ social media accounts have gone mute. Their Twitter feed hasn’t been updated for over a week and Facebook page has disappeared. In the backdrop of these events, it remains to be seen if TVAddOns is considering making a comeback.