Kodi is an open-source app that lets you manage and watch all your locally saved media. And like its great rival Plex, it also offers a way to view your media on other devices.
The technology is more primitive than Plex. Kodi takes an IP-based approach to allowing remote access, whereas Plex requires you to sign in to your Plex Media Server. Sadly, however, the IP-based approach is flawed — at least as far as how Kodi implemented it.
Why Kodi’s Remote Access Is Vulnerable
Kodi uses a Chorus 2 interface to enable remote access. This makes many things possible. For example, someone could browse your add-ons and see what you have installed. With law enforcement agencies promising an impending crackdown on illegal add-on users, it’s not an ideal situation.
Perhaps more worryingly, a hacker could also change the settings of your Kodi app. For example, they could disable the mouse pointer or gain access to usernames and passwords.
Lastly, anyone with remote access can watch all your videos. The thought of someone using your account to watch the latest episode of Orange is the New Black might not worry you, but if you have personal videos in your collection, it a significant security issue.
How to Disable Remote Access in Kodi
You just need to change some settings within the Kodi app. The username and password for the remote access feature are both set to “admin” by default. You either need to change the password or disable the feature.
Open Kodi and go to Settings > Services > Control. To turn off remote access completely, slide the toggle next to Allow remote control via HTTP. To change the username and password, highlight the appropriate fields in the Web Server section.
Have you changed the password for Kodi’s remote access feature? Let us know in the comments below.