2015-09-24, 19:09
The more I delve into the innards of Kodi and how the add-ons actually work, the more concerned I get about the potential for installing malicious code disguised as add-ons.
If you think about it, the majority of the Kodi installations reside on people's home networks which makes all of the data on their home machines potential security breach targets.
One add-on written by an experienced hacker that gets installed in Kodi attached to the home network could provide Internet access to the shell and make Kodi a jumping off point for the rest of the home network.
Another concern I have is the possibility of a virus infecting Kodi installations and rendering them unusable. The way things are with add-ons these days, people often Google for an add-on that sounds great, follow the link and just install it, there doesn't seem to be any way to check to see if the add-on is safe or of it is the correct version. I recently had a bad installation of SportsDevil, not sure where I got it from but I eventually found the correct package which actually works and updates correctly.
I would like to get some feedback on ways to safeguard Kodi add-on files, possibly using at least an online MD5 hash database so that the community is not just installing add-ons in willy nilly fashion.
I am also interested in getting suggestions on security measures that can be taken to better secure Kodi running on the Amazon FireTvStick platform as well as Rasberry PI.
Atomic
If you think about it, the majority of the Kodi installations reside on people's home networks which makes all of the data on their home machines potential security breach targets.
One add-on written by an experienced hacker that gets installed in Kodi attached to the home network could provide Internet access to the shell and make Kodi a jumping off point for the rest of the home network.
Another concern I have is the possibility of a virus infecting Kodi installations and rendering them unusable. The way things are with add-ons these days, people often Google for an add-on that sounds great, follow the link and just install it, there doesn't seem to be any way to check to see if the add-on is safe or of it is the correct version. I recently had a bad installation of SportsDevil, not sure where I got it from but I eventually found the correct package which actually works and updates correctly.
I would like to get some feedback on ways to safeguard Kodi add-on files, possibly using at least an online MD5 hash database so that the community is not just installing add-ons in willy nilly fashion.
I am also interested in getting suggestions on security measures that can be taken to better secure Kodi running on the Amazon FireTvStick platform as well as Rasberry PI.
Atomic