large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

This Kodi feature can be used to spy on you – here’s how to stop it

Something you may – or may not – know is that Kodi bundles an unsecured IP-based Remote Access feature, leaving your entertainment system and all of its contents vulnerable to hackers. Don’t panic, though: hiding your media from nosey parkers couldn’t be easier. Here’s how.

Believe it or not, the only thing you need to do to secure Kodi is add a layer of password protection – and that can be done by heading into the Control section of the System Settings menu. We should note, however, that you’re going to want to choose a random, secure passcode – no, your dog’s name won’t do, and please don’t use ‘Kodi’ either.

If you’re struggling to come up with something unique, we suggest using a password generator to generate an arbitrary phrase. Those looking to add an extra layer of protection should ensure it exceeds 12 characters and includes at least two symbols, which will make it significantly harder to crack.

TorrentFreak explains the vulnerability as follows:

While browsing someone’s addons isn’t the most engaging thing in the world, things get decidedly spicier when one learns that the Chorus 2 interface allows both authorized and unauthorized users to go much further.

For example, it’s possible to change Kodi’s system settings from the interface, including mischievous things such as disabling keyboards and mice. […] it can also give away system usernames, for example.

But aside from screwing with people’s settings (which is both pointless and malicious), the Chorus 2 interface has a trick up its sleeve. If people’s Kodi setups contain video or music files (which is what Kodi was originally designed for), in many cases it’s possible to play these over the web interface.

In basic terms, someone with your IP address can view the contents of your video library on the other side of the world, with just a couple of clicks.

The Kodi system requires a username and password – both set to “admin” by default – to take advantage of Remote Access, and adding a passcode acts as a barrier between your media and prying eyes. That said, any system can be hacked, but following the aforementioned steps should reduce the risk.

Related: how to install Kodi

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.