Add-ons outdated
#1
The problem of outdated add-ons exacerbates the threat of a MiM attack.
According to some estimates, as much as 25% of all repositories are either dead, dormant, or have outdated content. But as mentioned above, Kodi doesn’t know these add-ons and repositories are dead. Unless you manually remove them from your system, Kodi will keep trying to download updates.
These are ripe for MiM attacks. It’s very easy for the hackers to find a dead repository and hijack thousands of devices as a result.
The only way to find outdated add-ons is to either read the log (complicated) or regularly check the add-on’s portal (time-consuming).
As always, the implications are wide-ranging and potentially severe. Hackers could clone personal information, steal passwords, and even instigate a complete takeover of your machine.
Reply
#2
The only repo we provide, support, manage the content of and are responsible for is the official built-in one.

What you say is true, but as they are 3rd party repos found and installed by the user then it should be their responsibility to look after their own install shouldn't it? At some point the user has to take responsibility for their device, both in terms of what they install on it and also in how they use it, what sources or other media outlets that they use and any potential repercussions thereof.

There is no easy way to know that a 3rd party repo is "dead", and we neither have the manpower nor the will to try and monitor what people may chose to do with their own devices in the privacy of their own homes.
|Banned add-ons (wiki) Forum rules (wiki)|VPN policy (wiki)|First time user (wiki)|FAQs (wiki) Troubleshooting (wiki)|Add-ons (wiki)|Free content (wiki)|Debug Log (wiki)|

My Blog Posts
Reply
#3
Not to mention even non-outdated 3rd party addons could do the same cloning personal information or stealing of passwords, or join your device to a botnet or surreptitiously mine cryptocurrency. I agree with @DarrenHill -- outside of the official Kodi repository, the responsibility is on the user for the repositories and addons that the user chooses to install.
Reply
#4
This is why I only use the official repository.
HTPCs: RPI 2B & 3B+ 
Control: Google Home + RPI1B Webhooks Server
Audio: Pioneer VSX-819HK & S-HS 100 5.1 Speakers
Server: Acer ASX3400, 4GB RAM, 6.5TB HDDs, Xubuntu Core 18.04, NFS, MySQL
Reply
#5
For me, I do deviate from the official repo at times, but they are still from trusted resources such as:
  • LibreElec's official repository,
  • Addons such as 'Netflix', 'Prime' and beta Amazon Skills for Kodi which are found via the official Kodi forum

The ONLY time it's not from an official channel is when I install a modified Estuary Skin.... Which I modify myself...

As my home network is also used for business, and hosting an email server, the last thing I need is an add-on going rogue on me, so piracy aside, this is more of a security issue for me, as Kodi and Libreelec's repos are maintained I have 99% trust that these will work fine. Whereas the addons found on the forum, if an issue arrises then hopefully a forum member would alert any risk, and the only one that poses some risk is my modified skin, really the only thing that can happen is at best, I cannot spell, or at worst, the skin breaks!

TL : DR use common sense the installing repos and add-ons - third party or otherwise!
Server: Windows Server 2016 Standard Hyper-V with Ubuntu Server VM, NFS shares and MySQL
Kodi: 2 Raspberry Pi 3 running Libreelec
My Setup thread | Setup Ubuntu / TVH / Schedules Direct
Reply
 
Thread Rating:
  • 0 Vote(s) - 0 Average



Logout Mark Read Team Forum Stats Members Help
Add-ons outdated00