Kodi 16.1 exploit


Kodi® (formerly known as XBMC™) is an award-winning free and open source (GPL) software media center for playing videos, music, pictures, games, and more. Kodi runs on Linux, OS X, Windows, iOS, and Android, featuring a 10-foot user interface for use with televisions and remote controls. It allows users to play and view most videos, music, podcasts, and other digital media files from local and network storage media and the internet.

The main vulnerability lies in the web interface. The user can set up a web server (default port 8080, with username kodi). By manipulating variables that reference files, it was possible to read data off the Android device. The proof-of-concept video is below.
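The post describes the bug only in outline (request variables that reference files let a client read files it should not). The following added example is not Kodi's code; it contrasts the unsafe pattern with a hardened resolver that confines every decoded request path to the web root, and reuses that check to flag traversal attempts in constructed access-log lines. The web root `/srv/kodi-web` and the log lines are assumptions made up for the example.

```python
import os
from urllib.parse import unquote

WEB_ROOT = "/srv/kodi-web"  # constructed example web root, not Kodi's real layout


def resolve_unsafe(root, requested):
    """Vulnerable pattern: trust the request value and just concatenate it.
    '../' segments walk out of the web root, so arbitrary files become readable."""
    return os.path.normpath(os.path.join(root, unquote(requested)))


def resolve_safe(root, requested):
    """Hardened pattern: decode once, canonicalize (symlinks included), then
    require the canonical result to still be inside the canonical root."""
    root_real = os.path.realpath(root)
    decoded = unquote(requested)
    if "\x00" in decoded:
        raise PermissionError("null byte in requested path")
    # lstrip('/') keeps an absolute request from replacing the root in join()
    candidate = os.path.realpath(os.path.join(root_real, decoded.lstrip("/")))
    # commonpath (not startswith) so '/srv/kodi-web-old' is not mistaken for the root
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise PermissionError(f"path escapes web root: {requested!r}")
    return candidate


# Constructed sample request lines for a web interface on port 8080 (not real Kodi logs)
SAMPLE_LOG = [
    "GET /css/style.css HTTP/1.1",
    "GET /..%2F..%2Fetc%2Fpasswd HTTP/1.1",
    "GET /js/app.js?v=3 HTTP/1.1",
    "GET /files/%2e%2e/%2e%2e/data/prefs.xml HTTP/1.1",
]


def flag_traversal(log_lines, root=WEB_ROOT):
    """Detection: return the request lines whose decoded path would leave the root."""
    flagged = []
    for line in log_lines:
        path = line.split(" ")[1].split("?")[0]
        try:
            resolve_safe(root, path)
        except PermissionError:
            flagged.append(line)
    return flagged
```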


The issue was fixed in the latest build, but still…

[Image: stats.png, Kodi version usage statistics]

This is just the majority of users, but there will be more if we consider the entire world. The exploit doesn't end here; this can be done at a huge scale. Think about the 1000s of users around the world who have this vulnerability without knowing it.
