Heimdal
article featured image

Contents:

Time and time again, our reader asked us to cover media player apps like Kodi and explain how they can use them and not compromise their online security.

Use the links below to quickly navigate this Kodi overview and see how you can use it to watch your favorite media.

What is Kodi?
How to use Kodi
Kodi guide with online security in mind
Kodi security risks

kodi logo

What is Kodi?

Kodi is one of the most popular media player apps in the world. You can call it the best home theater available online. And it’s also free!

Kodi is an open-source program that started more than fifteen years ago as Xbox Media Player and changed its name to Kodi in 2014. For example, other famous media players like Plex or MediaPortal were based on Kodi or Xbox Media Player.

To cut a long story short, it allows you to watch any type of content online, from videos to Flickr photos, podcasts, and music.

What’s special about it is that it allows you to do most anything in a single interface. You don’t have to switch between Youtube for example and other apps or sites like that. Most users rely on Kodi to view content on PC, but it can be used on smart TVs, smartphones and so on.

Kodi can also work on smartphones, tablets, Firesticks, Raspberry Pis or consoles like Xbox One, along with a great number of streaming boxes.

If you search on eBay or Amazon you’ll likely find hundreds of Kodi boxes, streaming devices that come with Kodi pre-installed. However, we highly recommend you do not use a Kodi box because of security risks. They can be preloaded with malware and you don’t have the community to keep watch over the box’s security.

While it might be a bit more inconvenient, it’s safer and cheaper to install Kodi on your PC or devices on your own.

Because it’s open source, the community around Kodi has developed hundreds of add-ons for any type of content you can imagine.

Heimdal™ Threat Prevention Home makes sure that link is safe!
Your parents and friends will click any suspicious link, so make sure they're protected.
Heimdal™ Threat Prevention Home anti malware and ransomware protection
Heimdal™ Threat Prevention Home provides: Automatic and silent software updates Smart protection against malware Compatibility with any traditional antivirus.

SECURE YOUR ONLINE BROWSING!

Try it FREE

30-day Free Trial

Unfortunately, it’s also one of the most widely used tools for online piracy, as its add-ons and repositories can stream unlicensed copyrighted content.

Users can stream or download TV show torrents, watch sports games and so on via so-called “repositories”. Kodi repositories are simply large collections of add-ons that can be installed in bulk and add new Kodi functionalities.

This is one of the biggest dangers when it comes to Kodi and online security. Because anyone can develop their own addon, malicious hackers have an easy way of doing man-in-the-middle attacks and can infect your devices with all kinds of malware.

But we’ll focus on that later on in the guide, now let’s see how to use Kodi with maximum online security.

How to use Kodi

You can store your library of movies, TV shows, podcasts, music and pictures in a simple, intuitive interface.

If you have two PCs or want to join your family’s devices, the uPnP feature connects those PCs so both of them can have access to the same content library.

To install Kodi on a PC you can simply download it from the official website, then run the .exe file. If you have Windows 10 or 8, you can find the app directly in the Windows Store. We highly recommend using the Windows Store option because Kodi updates are done automatically.

kodi on windows store

As you know, you should always update your software as soon as possible!

After installing, simply navigate to the add-ons section and choose what suits you.

In this guide, we’ll focus on using Kodi on PCs, so we can give you the best security tips.

Kodi guide with online security in mind

Due to its open source nature and the fact that anyone can launch an addon, Kodi can be quite risky software if used improperly. Before installing it, we recommend following these steps:

Step 1: Get the best online security possible for your PC

We wrote a comprehensive guide on how to secure your PC against a vast number of attacks and gathered the best free security tools for 2019 in this roundup. We recommend you use it before installing software like Kodi.

For Kodi installation purposes, it can be boiled down to two major parts:

Use a good antivirus AND do not skip an anti-malware solution. Due to the way they work, most antiviruses cannot catch modern malware infections, so you need an extra layer, like our Heimdal™ Threat Prevention, the award-winning traffic filtering security solution (it also works with any anti-virus you might already have).

With these measures in place, your PC is protected from most threats, but here’s what you have to do next.

Step 2: Install a VPN. Never use Kodi without VPN!

A Virtual Private Network, or VPN for short, encrypts your internet connection and prevents third-parties from tracking your IP address.

VPNs are essential nowadays for privacy because advertisers and malicious hackers all want to track your online activity.

They’re also important if you plan on streaming movies and TV shows from torrent files. They hide what you do online from your Internet Service Provider (ISP) and, of course, authorities.

Most people think that downloading movies is illegal, but streaming is perfectly fine. No, it’s actually not. In some countries, you could get a very not-nice letter from the authorities based on your online activity. Of course, you can also use a VPN for Netflix in those regions where the service is not yet available.

A VPN circumvents those incoveniences but, most importantly, it’s essential for online security!

This is because VPN will provide a good defense against a man-in-the-middle attack. In this scenario, someone could intercept your online traffic and send you a malicious file instead. Bitdefender explained how such an attack could be done with Kodi.

However, before you rush to get a VPN solution, take a few minutes and read this article on free VPNs and what you should keep in mind about privacy and security.

Step 3: Use only the official Kodi functionality and do not install third-party add-ons.

This means you should use Kodi to organize and easily access those media files you already own or continue to pay for.

For streaming, we only recommend you connect legitimate sources that offer free videos – think Youtube, Vimeo, Twitch and so on.

While you can indeed pirate with Kodi a lot of media, the repositories and add-ons that allow you to do so are inherently not safe.

kodi screen

The Kodi developers themselves warn against such uses – they’re illegal and expose you to malware that probably won’t be stopped by your antivirus.

Paid services like Netflix, Hulu or Amazon Video do not yet have Kodi add-ons, so to bring that content into Kodi is an adventure – you have to install a Play to Kodi extension in your browser and fiddle with a lot of settings, which creates more security holes in your setup.

We highly recommend skipping that.

Kodi security risks

Here is what the official Kodi developers had to say about the security risks involved in running unofficial Kodi code.

“They create significant privacy risks, given the access they have to your system. They can be updated remotely and made to execute code as part of what can only be viewed as a botnet. They break when we change something, which leads to howls of protest from people who maybe didn’t even realize what they were doing.”

Risk 1 – Malicious add-ons

Any third-party add-ons carry a lot of risks for you, whether you use them to stream content without a license or just trying to add a new functionality.

Furthermore, in Kodi repositories are hundreds, if not thousands of dead or outdated add-ons. If they’re resurrected or hijacked by malicious hackers, they will expose you to malware and man-in-the-middle attacks.

Risk 2 – Man-in-the-middle attacks

Kodi checks for add-on updates constantly and downloads them automatically. Unfortunately, it does it over HTTP, not HTTPS, so there’s no encryption to protect that data transmission.

A malicious hacker can intercept that data transfer and send something else in return. Most likely, you’ll get some malware.
kodi updates automatic insall

As we said above, there are a lot of inactive or outdated add-ons. When Kodi checks for updates, the risk for a MitM attack increases. Your computer could get infected with malware and enslaved in a botnet.

Thousands of users who got the popular unofficial Exodus add-on (used for piracy purposes), had their machines enslaved in a botnet and used to launch DDoS attacks.

Risk 3 – Exposing your IP and habits to your ISP/authorities

We’ve seen a lot of users asking us about Kodi or already using it, without a VPN in place. As we stated in the Kodi guide above, you should never-ever run it without a VPN.

Even if you’re careful to only install legitimate add-ons, there’s still the risk to get some illegal content on your machine. In countries like the US or the UK, you can receive letters from your ISP or the authorities.

Risk 4 – Privacy issues

Kodi is pretty good, especially if you use a VPN but there are still privacy concerns.

Yes, you can stop it from logging your Watched Status so that no one with access to your PC will know what content you viewed.

However, as shown here, Kodi logs in its database any video you ever watched on it, even if you deleted the source video. In the app interface, there is no option to delete that database, but there is a legitimate add-on called Database Pre-Wash Scrub to help you out. If you care about privacy down to the smallest details, it’s worth downloading it.

These are the most important aspects to Kodi we’ve noticed so far. If you have any tips on using it safely or on how to make better use of it for content viewing, please share your thoughts with the community!

Author Profile

Ana Dascalescu

Cyber Security Enthusiast

The Atlantic wrote about cyberflâneur and I think that's the best way to describe myself. Or maybe a digital jack-of-all-trades with a long background in blogging, video production and streaming. I spend my waking hours snooping through online communities of all types, from Reddit to security forums, from gaming blogs to banal social media platforms like Instagram. Sometimes I even contribute to those communities.

Leave a Reply

Your email address will not be published. Required fields are marked *

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE