Abstract
Free and open-source media centers are experiencing a boom in popularity for the convenience they offer users seeking to remotely consume digital content. Kodi is today’s most popular home media center, with millions of users worldwide. Kodi’s popularity derives from its ability to centralize the sheer amount of media content available on the Web, both free and copyrighted. Researchers have been hinting at potential security concerns around Kodi, due to add-ons injecting unwanted content as well as user settings linked with security holes. Motivated by these observations, this article conducts the first comprehensive analysis of the Kodi ecosystem: 15,000 Kodi users from 104 countries, 11,000 unique add-ons, and data collected over 9 months.
Our work makes three important contributions. Our first contribution is that we build “crawling” software (
Our analysis of the Kodi ecosystem reveals the following findings. We find that most installed add-ons are unofficial but safe to use. Still, 78% of the users have installed at least one unsafe add-on, and even worse, such add-ons are among the most popular. In response to the information offered by SafeKodi, one-third of the users reacted by disabling some of their add-ons. However, the majority of users ignored our warnings for several months, attracted by the content such unsafe add-ons have to offer. Last but not least, we show that Kodi’s auto-update, a feature active for 97.6% of SafeKodi users, makes Kodi users easily identifiable by their ISPs. While passively identifying which Kodi add-on is in use is, as expected, much harder, we also find that many unofficial add-ons do not use HTTPS yet, making their passive detection straightforward.