Add-ons outdated
#1
The problem of outdated add-ons exacerbates the threat of a MiM attack.
According to some estimates, as much as 25% of all repositories are either dead, dormant, or have outdated content. But as mentioned above, Kodi doesn’t know these add-ons and repositories are dead. Unless you manually remove them from your system, Kodi will keep trying to download updates.
These are ripe for MiM attacks. It’s very easy for the hackers to find a dead repository and hijack thousands of devices as a result.
The only way to find outdated add-ons is to either read the log (complicated) or regularly check the add-on’s portal (time-consuming).
As always, the implications are wide-ranging and potentially severe. Hackers could clone personal information, steal passwords, and even instigate a complete takeover of your machine.
Reply
#2
The only repo we provide, support, manage the content of and are responsible for is the official built-in one.

What you say is true, but as they are 3rd party repos found and installed by the user then it should be their responsibility to look after their own install shouldn't it? At some point the user has to take responsibility for their device, both in terms of what they install on it and also in how they use it, what sources or other media outlets that they use and any potential repercussions thereof.

There is no easy way to know that a 3rd party repo is "dead", and we neither have the manpower nor the will to try and monitor what people may chose to do with their own devices in the privacy of their own homes.
|Banned add-ons (wiki)|Forum rules (wiki)|VPN policy (wiki)|First time user (wiki)|FAQs (wiki) Troubleshooting (wiki)|Add-ons (wiki)|Free content (wiki)|Debug Log (wiki)|

Kodi Blog Posts
Reply
#3
Not to mention even non-outdated 3rd party addons could do the same cloning personal information or stealing of passwords, or join your device to a botnet or surreptitiously mine cryptocurrency. I agree with @DarrenHill -- outside of the official Kodi repository, the responsibility is on the user for the repositories and addons that the user chooses to install.
Reply
#4
This is why I only use the official repository.
HTPCs: 2 x Chromecast with Google TV
Audio: Pioneer VSX-819HK & S-HS 100 5.1 Speakers
Server: HP Compaq Pro 6300, 4GB RAM, 8.75TB, Bodhi Linux 5.x, NFS, MySQL
Reply
#5
For me, I do deviate from the official repo at times, but they are still from trusted resources such as:
  • LibreElec's official repository,
  • Addons such as 'Netflix', 'Prime' and beta Amazon Skills for Kodi which are found via the official Kodi forum

The ONLY time it's not from an official channel is when I install a modified Estuary Skin.... Which I modify myself...

As my home network is also used for business, and hosting an email server, the last thing I need is an add-on going rogue on me, so piracy aside, this is more of a security issue for me, as Kodi and Libreelec's repos are maintained I have 99% trust that these will work fine. Whereas the addons found on the forum, if an issue arrises then hopefully a forum member would alert any risk, and the only one that poses some risk is my modified skin, really the only thing that can happen is at best, I cannot spell, or at worst, the skin breaks!

TL : DR use common sense the installing repos and add-ons - third party or otherwise!
Server: Ubuntu Server 22TB HDD running SAMBA
Kodi: 4 Raspberry Pi 3 running Libreelec -  on the main PC - running Linux Mint
My Setup thread |
Reply

Logout Mark Read Team Forum Stats Members Help
Add-ons outdated0