Beware of Malware in Piracy Streaming Apps
Does the offer to “Never pay for cable again” sound tantalizing?
It shouldn’t. It should sound abhorrent, not only because of piracy is illegal and unfair to content creators, but also because researchers have found that pirated streaming devices are stuffed with malware and/or open the door for it to come streaming in.
According to a recently published report, researchers have found that many of the devices are rigged with malware, be it on preinstalled apps or apps added later.
In order to assess the streaming piracy ecosystem, researchers from cybersecurity firm Dark Wolfe Consulting and the Digital Citizens Alliance (DCA) – a consumer-focused group devoted to making the internet safer – picked up 6 streaming devices that use the Kodi platform.
Kodi’s a free, open-source media player – one that comes in handy to tweak and add to piracy streaming devices. Of the Kodi devices the researchers checked out, they found that 70% were repurposed or loaded with apps that access unlicensed content.
These devices are bought by people who’d rather not pay for content and who might not be aware of the extreme risks we go through when we plug them into our home or work networks. That’s a lot of people: the researchers noted that as of December 2018, there were about 12 million active users of the app repository “TV Addons,” which runs on Kodi.
The devices are dirt cheap in comparison to a legit Apple TV or Roku streaming device and the subscription prices for shows from the likes of Netflix, Hulu or HBO. The Kodi devices – sometimes called “Kodi boxes” or “jailbroken Fire TV Sticks” – look and act like the bona fide streaming devices. You can pick them up on both underground markets on the Dark Web, or on the sunny side of the street in places like Facebook Marketplace, Craigslist, or eBay, for a one-time fee of $75 to $100.
That will get you access to what the researchers say is a burgeoning range of pirated content, including the latest movies – even while they’re still in theaters – or live events such as pay-per-view boxing matches or elite soccer games. The report includes a screenshot of one piracy app, Exodus Redux, that was offering movies such as Aquaman a full week before it was released.
The researchers said that what most users don’t realize is that plugging in one of these devices into their home network is like pulling a Trojan horse in through the front door: the devices enable hackers to bypass the security of the home network’s router firewall, for example. Any apps already on the box or later downloaded can unleash malware, all under the guise of “free” content.
The devices are easy for hackers to exploit for a few reasons:
- They’re hooked into the home network and bypass the router’s security.
- Normal security protections are typically not installed or are disabled to accommodate piracy-streaming apps. On Androids, for example, disabling security features opens a specific port to the internet that botnets routinely scan for. That leaves the devices open for hackers to target and to then infect.
Also, users often have to grant full admin access in order to use the apps, including permission to access the device’s entire memory, along with its location and other security protections. In other words, users hand over the keys to the kingdom.
Over the course of 500 hours of lab testing, the researchers experienced these and other security risks, they said:
- As soon as a researcher downloaded the ad-supported illicit movie and live sports streaming app Mobdro, malware within the app forwarded the researcher’s Wi-Fi network name and password to a server that appeared to be in Indonesia.
- Malware probed the researchers’ network, searching for vulnerabilities that would enable it to access files and other devices. The malware uploaded, without permission, 1.5 terabytes of data from the researcher’s device.
- Mobdro sought access to media content and other legitimate apps on the researcher’s network.
- In one scheme, crooks posed as well-known streaming sites, such as Netflix, to illegally use an actual, paying Netflix customer’s legitimate subscription.
The cybersecurity firm GroupSense assisted by infiltrating Dark Web chatrooms where they found hackers sussing out how to exploit vulnerabilities inherent in the pirate apps, as well as how to use malware to snare the devices into a botnet to use in cyberattacks or for crypto mining. Other chats were about how to get at information stored on the devices, such as photographs, passwords, and credit cards.
The possibilities for mischief and mayhem are manifold, states the report:
Given that users rarely install anti-virus tools on such devices, the opportunities for exploitation are numerous.
The researchers want to see these steps taken to reduce those security risks:
- Law enforcement should prioritize the investigation and prosecution of these criminal networks.
- Consumer protection agencies, both at the federal and state level, should warn consumers about the risks that illicit devices and piracy apps pose to their security and to their home devices.
- Government agencies and corporations should warn employees of the potential risks of using these devices over their networks, so they don’t become a pathway to gain access to networks or steal sensitive information.
- Digital marketplaces such as eBay, Craigslist, and Facebook Marketplace should ban the sale of piracy devices.