SafeKodi: Researchers Help Kodi Users to Spot Malicious Addons

Home > Piracy Research >

Researchers from Northwestern University and Brave Software have taken an in-depth look at possible security issues with third-party Kodi addons. They find that most addons are safe. Only a very small number of addons are linked to malicious content, but these tend to be relatively popular. To help users spot these risks, the researchers offer a solution in the form of a Kodi addon.

Kodi is widely known as a very convenient media player. While the open-source software is content-neutral, some third-party addons use it to offer pirated content.

In recent years rightsholders and anti-piracy organizations have worked hard to target copyright infringing addons. This is done through enforcement actions, but also through scare tactics.

On numerous occasions, Kodi addons have been associated with malware and other malicious content. While it is certainly true that there are some shady addons out there, the warnings are often overblown, lacking any supportive data.

A more analytical approach to this issue is being taken by a group of researchers from Northwestern University and Brave Software. They use a data-driven model and have created a software crawler to identify any potential threats in third-party Kodi addons.

Their software, aptly named ‘De-Kodi,’ scraped the web and discovered tens of thousands of addons. A small percentage of these, roughly 9,000, were still active. The researchers then tested them for potentially harmful activity.

The results show that most addons are safe. A significant portion include URLs that are linked to advertising, tracking, or Kodi’s own blacklist. However, only 13 addons included URLs that were flagged by Google’s Safebrowsing service for potentially malicious “social engineering.” Another 131 addons included links to potentially malicious IPs.

“In our study, we discovered 43,308 addons out of which 8,485 were unique and correctly working. Out of these, only a handful was potentially harmful,” Brave Software researcher Matteo Varvello tells TorrentFreak.

This doesn’t sound like a broad threat, but some nuance is warranted. The researchers also found that many of the problematic addons are relatively popular. This means that while malicious addons are rare, they still have the potential to impact a lot of people.

The SportsDevil addon, for example, which is listed among the ten most popular addon domains, is flagged as potentially malicious, includes tracking scripts and is on Kodi’s ban list.

Because users may not be aware of these threats, or the fact that that addons may track them or serve ads, the researchers decided to make the information public in the form of an addon.

“After we built De-Kodi, we realized that the information we collected was very useful to the average Kodi user, not only the research community. An addon was the easiest way to bring this information to the large Kodi user base,” Varvello tells us.

The result is the new SafeKodi addon which is available to the public for free. Kodi users who install it can use the software to check whether there are any potential security issues on their platform.

In addition to helping the public, the public can help the researchers as well. SafeKodi allows users to flag addons they think are unsafe. In addition, it will automatically locate new and unknown addons and test these on-demand.

The input from users allows the researchers to expand their findings and provide a more accurate overview of the third-party addon ecosystem.

“The current plan is to attract some user-base for SafeKodi. This allows us to complete our study with potential addons we will discover thanks to our users, and those that appear through the evolution of the Kodi ecosystem over time,” Varvello says.

In addition to insights about advertising, tracking, and potential malware threats, the research also provides additional detail on the video sources of addons.

For example, they found that the most popular media serving domains are GoogleVideo.com, Akamaihd.net, and Archive.org. These domains include legitimate content but are also used by pirate services.

The results of the study are detailed in a paper titled: De-Kodi: Understanding the Kodi Ecosystem. The findings will be officially presented at the World Wide Web Conference in April where the De-Kodi source code is also scheduled for release.

Sponsors

Popular Posts

From 2 Years ago…