Does the offer to “Never pay for cable again” sound tantalizing? It shouldn’t. It should sound abhorrent, not only because of piracy being illegal and unfair to content creators, but also because researchers have found that pirated streaming devices are stuffed with malware and/or open the door for it to come streaming in.
According to a
report published on Thursday, researchers have found that many of the devices are rigged with malware, be it on preinstalled apps or apps added later. In order to assess the streaming piracy ecosystem, researchers from cybersecurity firm Dark Wolfe Consulting and the Digital Citizens Alliance (DCA) – a consumer-focused group devoted to making the internet safer – picked up six streaming devices that use the Kodi platform. Kodi’s a free, open-source media player… one that comes in handy to tweak and add to piracy streaming devices. Of the Kodi devices the researchers checked out, they found that 70% were repurposed or loaded with apps that access unlicensed content. These devices are bought by people who’d rather not pay for content and who might not be aware of the extreme risks we go through when we plug them into our home or work networks. That’s a lot of people: the researchers noted that as of December, there were about 12 million active users of the app repository “TV Addons,” which runs on Kodi. The devices are dirt cheap in comparison to a legit Apple TV or Roku streaming device and the subscription prices for shows from the likes of Netflix, Hulu or HBO. The Kodi devices – sometimes called “Kodi boxes” or “jailbroken Fire TV Sticks” – look and act like the bona fide streaming devices. You can pick them up on both underground markets on the Dark Web, or up on the sunny side of the street in places like Facebook Marketplace, Craigslist, or eBay, for a one-time fee of $75 to $100. That will get you access to what the researchers say is a burgeoning range of pirated content, including the latest movies – even while they’re still in theaters – or live events such as pay-per-view boxing matches or elite soccer games. The report includes a screenshot of one piracy app, Exodus Redux, that was offering movies such as
Aquaman a full week before it was released in December.
The researchers said that what most users don’t realize is that plugging in one of these devices into their home network is like pulling a Trojan horse in through the front door: the devices enable hackers to bypass the security of the home network’s router firewall, for example. Any apps already on the box or later downloaded can unleash malware, all under the guise of “free” content. The devices are easy for hackers to exploit for a few reasons: first, they’re hooked into the home network and bypass the router’s security. Second, normal security protections are typically not installed or are disabled to accommodate piracy-streaming apps. On Androids, for example, disabling security features opens a specific port to the internet that botnets routinely scan for. That leaves the devices open for hackers to target and to then infect. As well, users often have to grant full admin access in order to use the apps, including permission to access the device’s entire memory, along with its location and other security protections. In other words, users hand over the keys to the kingdom.
