Chorus2: Kodi users warned they could be spied on via new security vulnerability


Kodi users are being warned about a software vulnerability that could allow strangers to access their video content and other data.

According to a report by TorrentFreak, scores of Kodi users are running a setup that could potentially allow attackers to access their content with just a couple of clicks.

The vulnerability is concerning the browser based remote control feature, that lets Kodi users login and manage their setup from any location.

By using the Chorus2 interface users can access their setup remotely and stream content on almost any device via a web browser.

Users can browse content, change settings and install new add ons on their to their Kodi setup be it via a streaming box or on a computer.

However, this whole process is left wide open to third parties – meaning anyone can access your content – if you didn’t setup a username and password during the installation process, which isn’t mandatory.

“For many years, Kodi has had a remote control feature, whereby the software can be remotely managed via a web interface, Torrentfreak explained.

“This means that you’re able to control your Kodi setup installed on a computer or set-top box using a convenient browser-based interface on another device, from the same room or indeed anywhere in the world.

“But while this is a great feature, people don’t always password-protect the web-interface, meaning that outsiders can access their Kodi setups, if they have that person’s IP address and a web-browser.”

TorrentFreak also said the vulnerability enabled the setup of a Kodi user in the UK to be found within “seconds using a specialist search engine”.

The report said that an attacker could use the vulnerability to look at content and change settings to the victim’s Kodi setup.

The vulnerability could be used to disable keyboard or mouse input which leave the unsuspecting user unable to access their Kodi setup.

“The big question is, however, whether someone accessing a Kodi setup remotely can view these videos via a web browser, TorrentFreak added.

“Answer: Absolutely.

“Clicking through on each piece of media reveals a button to the right of its title.

“Clicking that reveals two options – ‘Queue in Kodi’ (to play on the installation itself) or ‘Download’, which plays/stores the content via a remote browser located anywhere in the world. Chrome works like a charm.”

Fortunately the vulnerability can be made secure by you setting a username and password.

You can do this by going to Settings on the home screen, the Service Settings.

Next, click on Control on the left of screen and set you username and password, which by default is set to ‘kodi’ in both fields.


Comments are closed.