Kodi® (formerly known as XBMC™) is an award-winning free and open source (GPL) software media center for playing videos, music, pictures, games, and more. Kodi runs on Linux, OS X, Windows, iOS, and Android, featuring a 10-foot user interface for use with televisions and remote controls. It allows users to play and view most videos, music, podcasts, and other digital media files from local and network storage media and the internet.
The main vulnerability lies in the web interface. The user can set up a web server (default port 8080 with username kodi). By manipulating variables that reference files, it was possible to read data off the Android device. The proof-of-concept video is below.
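The bug class described above is a web handler that resolves a user-controlled file reference without confining the result to the directory it is meant to serve. The following is an added Python example, not Kodi's code and not a description of Kodi's actual handler: it places the naive resolution beside the hardened one and runs both against a constructed web root and a constructed file outside it, so the difference can be observed directly.

```python
import os
import tempfile
from pathlib import Path
from typing import Optional


def resolve_unsafe(web_root: str, requested: str) -> str:
    """Naive handler: joins the user-supplied reference onto the web root.

    A reference containing '..' segments, or an absolute path, produces a
    location outside web_root, which the server would then happily read.
    """
    return os.path.normpath(os.path.join(web_root, requested))


def resolve_safe(web_root: str, requested: str) -> Optional[str]:
    """Hardened handler: canonicalise both paths (following symlinks) and
    require the candidate to remain inside the web root.

    Returns None when the reference would escape the root, so the caller
    can answer with 404/403 instead of opening the file.
    """
    root = Path(web_root).resolve()
    # pathlib replaces root entirely if `requested` is absolute, and
    # resolve() collapses any '..' segments; relative_to() then rejects
    # anything that did not end up under root.
    candidate = (root / requested).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        return None
    return str(candidate)


def demo() -> dict:
    """Build a constructed web root plus a constructed 'private' file next
    to it, then exercise both resolvers. Returns a dict of boolean outcomes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp, "webroot")
        root.mkdir()
        (root / "index.html").write_text("<html>ok</html>")
        # Constructed stand-in for data that lives outside the served tree.
        secret = Path(tmp, "secret.txt")
        secret.write_text("private")

        unsafe_path = resolve_unsafe(str(root), "../secret.txt")
        safe_path = resolve_safe(str(root), "index.html")
        return {
            # The naive join walks out of the web root and reads the file.
            "unsafe_escapes": Path(unsafe_path).read_text() == "private",
            # The hardened resolver refuses the same traversal ...
            "safe_blocks_traversal": resolve_safe(str(root), "../secret.txt") is None,
            # ... and an absolute reference that bypasses the root outright ...
            "safe_blocks_absolute": resolve_safe(str(root), str(secret)) is None,
            # ... while still serving legitimate content under the root.
            "safe_serves_inside": safe_path is not None
            and Path(safe_path).read_text() == "<html>ok</html>",
        }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

The check relies on canonicalising before comparing: validating the raw string (for instance by searching for "..") misses encoded or symlinked variants, whereas comparing resolved paths with `relative_to` judges where the file actually is.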
The issue was fixed in the latest build, but still…
This is just the majority of users, but there will be more if we consider the entire world. The exploit doesn't end here: this can be done on a huge scale. Think about the thousands of users around the world who have this vulnerability without knowing it.