
Beware This Kodi Feature That Could Be Spying on You

Dan Price 08-01-2018

Kodi is an open-source app that lets you manage and watch all your locally saved media. And like its great rival Plex, it also offers a way to view your media on other devices.


The technology is more primitive than Plex. Kodi takes an IP-based approach to allowing remote access, whereas Plex requires you to sign in to your Plex Media Server. Sadly, however, the IP-based approach is flawed — at least in the way Kodi implemented it.

Why Kodi’s Remote Access Is Vulnerable

Kodi uses a Chorus 2 interface to enable remote access. This makes many things possible. For example, someone could browse your add-ons and see what you have installed. With law enforcement agencies promising an impending crackdown on illegal add-on users, it’s not an ideal situation.

Perhaps more worryingly, a hacker could also change the settings of your Kodi app. For example, they could disable the mouse pointer or gain access to usernames and passwords.

Lastly, anyone with remote access can watch all your videos. The thought of someone using your account to watch the latest episode of Orange is the New Black might not worry you, but if you have personal videos in your collection, it is a significant security issue.

How to Disable Remote Access in Kodi

You just need to change some settings within the Kodi app. The username and password for the remote access feature are both set to “admin” by default. You either need to change the password or disable the feature.


Open Kodi and go to Settings > Services > Control. To turn off remote access completely, slide the toggle next to Allow remote control via HTTP. To change the username and password, highlight the appropriate fields in the Web Server section.
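To check the same settings without opening the UI, the following added example (not from the original article or the Kodi project) reads a `guisettings.xml` file and reports whether HTTP remote control is on with an unchanged password. The setting ids and the `<setting id="...">` layout are assumptions based on recent Kodi releases, and the sample files are constructed.

```python
import xml.etree.ElementTree as ET

# Setting ids assumed from the <setting id="..."> layout of recent Kodi
# guisettings.xml files; verify them against your own file.
WEB_ENABLED = "services.webserver"
WEB_PORT = "services.webserverport"
WEB_PASS = "services.webserverpassword"

# Passwords treated as unchanged: empty, or the "admin" default the article names.
WEAK_PASSWORDS = {"", "admin"}

def read_settings(xml_text):
    """Return {setting id: text value} for every <setting> element."""
    root = ET.fromstring(xml_text)
    return {s.get("id"): (s.text or "").strip()
            for s in root.iter("setting") if s.get("id")}

def audit_remote_access(xml_text):
    """Return a list of problems; an empty list means nothing to fix."""
    cfg = read_settings(xml_text)
    if cfg.get(WEB_ENABLED, "false").lower() != "true":
        return []  # HTTP remote control is off, so credentials do not matter
    problems = []
    if cfg.get(WEB_PASS, "").lower() in WEAK_PASSWORDS:
        port = cfg.get(WEB_PORT, "unknown")
        problems.append(
            f"remote control via HTTP is enabled on port {port} "
            "with an empty or 'admin' password")
    return problems

def sample(enabled, password):
    """Build a constructed guisettings.xml (not from a real installation)."""
    return f"""<settings version="2">
  <setting id="{WEB_ENABLED}">{enabled}</setting>
  <setting id="{WEB_PORT}">8080</setting>
  <setting id="services.webserverusername">admin</setting>
  <setting id="{WEB_PASS}">{password}</setting>
</settings>"""

if __name__ == "__main__":
    cases = {"enabled, default password": sample("true", "admin"),
             "enabled, changed password": sample("true", "x7#Lq-constructed"),
             "disabled": sample("false", "admin")}
    for name, xml_text in cases.items():
        print(name, "->", audit_remote_access(xml_text) or "OK")
```
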


Have you changed the password for Kodi’s remote access feature? Let us know in the comments below.


  1. Dave
    January 18, 2018 at 5:36 am

    Everyone should be upgraded to Kodi 17.6 due to the subtitle exploit that was found; and this remote control exploit could be harmful but in Kodi's Service Settings > Control > Allow remote control via HTTP is NOT enabled by default and the password fields are disabled.

  2. JLH
    January 15, 2018 at 6:15 pm

    This is not enabled by default on any of my Kodi installs.

  3. PCH
    January 15, 2018 at 5:19 pm

    "its great rival Plex"? Plex is only a media streaming app. There is no onscreen UI with hundreds of add-ons like Kodi has.

  4. David
    January 10, 2018 at 6:00 pm

    How about just a VPN and use it anytime you are using Kodi. Problem solved..

  5. Mattpass
    January 9, 2018 at 6:22 pm

    One way to insulate your data from prying eyes is to PGP the directories you're backing up on the cloud.

  6. Rob
    January 8, 2018 at 7:53 pm

    Agreed, this article makes it sound like the machine is actively connected to an outside IP when in fact the user would have to set that up through your router/firewall on purpose. As a bonus I love the line "uses a Chorus 2 interface to enable remote access" - that doesn't even mean anything. Chorus 2 is just what they call the web page, it's not the name of any kind of service or protocol.

  7. starduster
    January 8, 2018 at 3:21 pm

    "Sensationalist" clickbait garbage. It's common sense to change your password from default. Furthermore, unless your machine with Kodi on it is connected directly to the internet or you have your router/firewall port forwarding enabled specifically to allow this service to be accessed from outside your network, this doesn't affect you. Write better content.

  8. laularim
    January 8, 2018 at 3:17 pm

    I fail to see how this is such a big security issue.

    First, to even get access to a Kodi box on a network you would need access to the network itself... I mean the cheapest router/wifi appliance out there has port forwarding disabled. Obviously if you forward a port you are exposed but why would you want to remote control Kodi over the Internet?

    Does the Kodi remote feature do dial-home type stuff and create a reverse proxy? I doubt it, but the article is light on even minimal technical explanations.

    So far to me this looks more like a scaremongering article than an actual informative one.

    • Mickeytang
      January 8, 2018 at 7:54 pm

      Agree with both comments. Clickbait and scaremongering

  9. Rob Weber
    January 8, 2018 at 2:13 pm

    A "Chorus 2 Interface to enable remote access", a "primitive ip based approach" - what are you talking about?

    While some of what you're saying is true it really seems like a lot of fear mongering. Chorus 2 is just what they call the web interface, it's not some kind of programming framework. Plus none of this is remotely valid if you haven't already enabled port forwarding of your Kodi media server to an outside IP via your firewall or router. If you've taken the steps to do that and then didn't also password protect your stuff that's just stupid. By default Kodi is available on your local network only, which you don't mention at all.