KodiTips Forums

Could this really become an issue?

Sara5dawn

  • 102
  • +0/-1
    • View Profile
Could this really become an issue?
« on: July 24, 2017, 04:39:44 pm »
Kodi Security Risk Emerges After TVAddons Shutdown
BY ANDY ON JULY 23, 2017 C: 33
BREAKING
Three domains previously operated by defunct Kodi addons site TVAddons have been transferred to a law firm in Canada. With no explanation forthcoming, the security implications cannot be ignored. According to Kodi Project Manager Nathan Betzen, a third party in control of these domains could potentially do whatever they wanted to vulnerable former TVAddons users.

Formerly known as XBMC, the popularity of the entirely legal Kodi media player has soared in recent years.

Controversial third-party addons that provide access to infringing content have thrust Kodi into the mainstream and the product is now a household name.

Until recently, TVAddons.ag was the leading repository for these addons. During March, the platform had 40 million unique users connected to the site’s servers, together transferring an astounding petabyte of addons and updates.

Everything was going well until news broke last month that the people behind TVAddons were being sued in a federal court in Texas. Shortly after the site went dark and hasn’t been back since.

This was initially a nuisance to the millions of Kodi devices that relied on TVAddons for their addons and updates. With the site gone, none were forthcoming. However, the scene recovered relatively quickly and for users who know what they’re doing, addons are now available from elsewhere.

That being said, something very unusual happened this week. Out of the blue, several key TVAddons domains were transferred to a Canadian law firm. TVAddons, who have effectively disappeared, made no comment. The lawyer involved, Daniel Drapeau, ignored requests for an explanation.

While that’s unusual enough, there’s a bigger issue at play here for millions of former TVAddons users who haven’t yet wiped their devices or upgraded them to work with other repositories.

Without going into huge technical detail, any user of an augmented Kodi device that relied on TVAddons domains (TVAddons.ag, Offshoregit.com) for updates can be reasonably confident that the domains their device is now accessing are not controlled by TVAddons anymore. That is not good news.

When a user installs a Kodi addon or obtains an update, the whole system is based on human trust. People are told about a trustworthy source (repository or ‘repo’) and they feel happy getting their addons and updates from it.

However, any person in control of a repo can make a Kodi addon available that can do pretty much anything. When that’s getting free movies, people tend to be happy, but when that’s making a botnet out of set-top boxes, enthusiasm tends to wane a bit.

If the penny hasn’t yet dropped, consider this.

TVAddons’ domains are now being run by a law firm which refuses to answer questions but has the power to do whatever it likes with them, within the law of course. Currently, the domains are lying dormant and aren’t doing anything nefarious, but if that position changes, millions of people will have absolutely no idea anything is wrong.

TorrentFreak spoke to Kodi Project Manager Nathan Betzen who agrees that the current security situation probably isn’t what former TVAddons users had in mind.

“These are unsandboxed Python addons. The person [in control of] the repo could do whatever they wanted. You guys wrote about the addon that created a DDoS event,” Betzen says.

“If some malware author wanted, he could easily install a watcher that reports back the user’s IP address and everything they were doing in Kodi. If the law firm is actually an anti-piracy group, that seems like the likeliest thing I can think of,” he adds.

While nothing can be ruled out, it seems more likely that the law firm in question has taken control of TVAddons’ domains in order to put them out of action, potentially as part of a settlement in the Dish Network lawsuit. However, since it refuses to answer any questions, everything is open to speculation.

Another possibility is that the domains are being held pending sale, which then raises questions over who the buyer might be and what their intentions are. The bottom line is we simply do not know and since nobody is talking, it might be prudent to consider the worst case scenario.

“If it’s just a holding group, then people [in control of the domain/repo] could do whatever they can think of. Want a few million incredibly inefficient bit mining boxes?” Betzen speculates.

While this scenario is certainly a possibility, one would at least like to think of it as unlikely. That being said, plenty of Internet security fails can be attributed to people simply hoping for the best when things go bad. That rarely works.

On the plus side, Betzen says that since Python code is usually pretty easy to read, any nefarious action could be spotted by vigilant members of the community fairly quickly. However, Martijn Kaijser from Team Kodi warns that it’s possible to ship precompiled Python code instead of the readable versions.

“You can’t even see what’s in the Python files and what they do,” he notes.

Finally, there’s a possibility that TVAddons may be considering some kind of comeback. Earlier this week a new domain – TVAddons.co – was freshly registered, just after the old domains shifted to the law firm. At this stage, however, nothing is known about the site’s plans.

And this suppose to be the fix!!!

Doubt it's anything to worry about but a band aid fix is to put this in your hosts file:

127.0.0.1 www.tvaddons.ag
127.0.0.1 tvaddons.ag
127.0.0.1 fusion.tvaddons.ag
127.0.0.1 ustvnow.tvaddons.ag
127.0.0.1 logs.tvaddons.ag
127.0.0.1 forums.tvaddons.ag

For linux the host file is in /etc/hosts
For Windows it will be something like C:\windows\system32\drivers\etc\hosts

Should us Kodi users be afraid????

hatrix

  • 278
  • +25/-0
  • I'm the captain now.
    • View Profile
Re: Could this really become an issue?
« Reply #1 on: July 24, 2017, 04:44:55 pm »
eh there's a tiny chance, but this is mainly to scare people. its like when torrent sites get shutdown then reopen later people say the same thing. that its a honeypot to catch users.
 
If you feel unsafe all you have to do is remove your TVA sources. then you won't be connecting to them anymore, problem solved.

Sara5dawn

  • 102
  • +0/-1
    • View Profile
Re: Could this really become an issue?
« Reply #2 on: July 24, 2017, 04:56:37 pm »
eh there's a tiny chance, but this is mainly to scare people. its like when torrent sites get shutdown then reopen later people say the same thing. that its a honeypot to catch users.
 
If you feel unsafe all you have to do is remove your TVA sources. then you won't be connecting to them anymore, problem solved.

Thanks!! I already have removed all things TVA except the TVA log uploader it's the one before Indigo.. Think I'll get rid of it tonight....

TonyH

  • 531
  • +35/-3
  • You have a 50-50 chance if you follow my advice 😂
    • View Profile
Re: Could this really become an issue?
« Reply #3 on: July 24, 2017, 05:47:39 pm »
I joined the scene to late so I don't have any tva related stuff.
There is no need rite now to have the repos, if I did I would delete them. These days data is gold, and a law firm is holding them...

Buzz Marshall

  • 270
  • +27/-2
  • Puff, Puff, Pass
    • View Profile
Re: Could this really become an issue?
« Reply #4 on: July 24, 2017, 06:16:54 pm »
As ive said before when Dish gets involved they take sites over and generally put a gag order on the owners of the site, while they collect and log traffic...

Without more info tho on the Lawyer its hard to say what exactly is up... If he's representing the site owners and has transfered ownership to protect his clients as a legal move thats one thing...

Seeing as he's a Intellectual Property litigator tho makes me think the Dish case is unfolding on a new front... I'm more curious as to why Canada... Dish is a US company that usually on anything big sue's outta Texas... so exactly how a Canadian Intellectual Properties Law Firm is now involved will be interesting to see...

In the old Sat scene Dish - ExpressVU and Nagra formed a partnership company (NagraStar) that allowed them to go after hackers on both sides of the border and issue demand letters to users and shutdown the hack developers...

The Canadian thing is interesting tho... As well from the current status the damage for the TVA owners is already done (as the site is already down) so the sites really are not worth anything to anybody unless Dish looses its case which would allow the owners to reopen...

If Dish makes its argument then I'm sure they will take the site over covertly like they usually do, while gagging the defendants... 

As suggested tho... people should be staying away from those sites as one way or another the only real value to them from this point forward that i could think of would be to gather traffic logs and other information that could be used in court to show cause and damages...
 

Kruncy

  • 41
  • +4/-0
    • View Profile
Re: Could this really become an issue?
« Reply #5 on: July 25, 2017, 04:12:42 pm »

Thanks!! I already have removed all things TVA except the TVA log uploader it's the one before Indigo.. Think I'll get rid of it tonight....

You can replace that with the Log Uploader from the official Kodi Repo.
« Last Edit: July 25, 2017, 04:14:16 pm by Kruncy »

taylor96

  • 13
  • +0/-0
    • View Profile
Re: Could this really become an issue?
« Reply #6 on: July 25, 2017, 06:30:30 pm »
dumped anything TVA related yesterday... probably a waste of time but playing safe in this unknown world of ours.. .

Buzz Marshall

  • 270
  • +27/-2
  • Puff, Puff, Pass
    • View Profile
Re: Could this really become an issue?
« Reply #7 on: July 25, 2017, 06:45:54 pm »
well until more is known i definately would tell people to remove any old plug-ins or correct their update location url's in the plug-in and for sure remove any of the TVA maintainance addons as well...  currently all the zone info is down but depending on what their intent is they could easily bring them back up for all kinds of reasons...

Just another tidbit... the lawyer worked in the past for another company that bell has used to to represent them... not that that in itself means anything but it sure makes one wonder and personally i cant see the owners of TVA having deep enough pockets to hire someone like him and go to bat with this... i don't care much about dish and the US but this Canadian connection thing couple with there already being a federal court injunction of sales on certain pre-loaded boxes really make me wonder...

better safe the sorry...

sarah

  • 182
  • +10/-8
    • View Profile
Re: Could this really become an issue?
« Reply #8 on: July 26, 2017, 12:31:06 pm »
Does anyone have an approx list of TVA repos/addons/maintenance which should be delted?

Fusion etc etc please?

Buzz Marshall

  • 270
  • +27/-2
  • Puff, Puff, Pass
    • View Profile
Re: Could this really become an issue?
« Reply #9 on: July 26, 2017, 04:17:21 pm »
Actually thats a really good idea if someone sat down and put a post together that had them all as well as some basic instructions for people to disable or remove them...

I dont mind helping with the ones i know about but to be honest i have never used tva tho i did use the original site but left years ago over all the behind the scenes drama that seemed to plague the place...

but what you suggest is a great idea if someone thats more familiar would help out...

hatrix

  • 278
  • +25/-0
  • I'm the captain now.
    • View Profile
Re: Could this really become an issue?
« Reply #10 on: July 26, 2017, 05:13:03 pm »
you should be fine if you just remove indigo, fusion, tva repo. Most of the addons from there have moved to new places anyway.