Kodi Security Risk Emerges After TVAddons Shutdown
From : torrentfreak
Three domains previously operated by defunct Kodi addons site TVAddons have been transferred to a law firm in Canada.
Security implications cannot be ignored.
According to a Kodi Project Manager, a third party in control of these domains could potentially do whatever they wanted to vulnerable former TVAddons users.
Recently several key TVAddons domains were transferred to a Canadian law firm. TVAddons, who have effectively disappeared, made no comment.
But there is a bigger issue at play here for millions of former TVAddons users who haven’t yet wiped their devices or upgraded them to work with other repositories.
Without going into huge technical detail, any user of an augmented Kodi device that relied on TVAddons domains (TVAddons.ag, Offshoregit.com) for updates can be reasonably confident that the domains their device is now accessing are not controlled by TVAddons anymore. That is not good news.
Any person in control of a repo can make a Kodi addon available that can do pretty much anything.
TVAddons’ domains are now being run by a law firm which refuses to answer questions but has the power to do whatever it likes with them, within the law of course.
TorrentFreak spoke to Kodi Project Manager Nathan Betzen who agrees that the current security situation probably isn’t what former TVAddons users had in mind.
“These are unsandboxed Python addons. The person [in control of] the repo could do whatever they wanted. You guys wrote about the addon that created a DDoS event,” Betzen says.
“If some malware author wanted, he could easily install a watcher that reports back the user’s IP address and everything they were doing in Kodi. If the law firm is actually an anti-piracy group, that seems like the likeliest thing I can think of,” he adds.
source : torrentfreak.com/kodi-security-risk-emerges-after-tvaddons-shutdown-170723/