Illicit streaming devices are more popular than ever, and hackers are taking note

Illicit streaming devices are more popular than ever, and hackers are taking note
© Getty Images

Online hackers are using illicit streaming devices — known as “Kodi boxes” or “jailbroken Fire TV sticks” — to skirt home network security measures, infect consumers with malware, and steal vital personal information like passwords and financial records. It’s time for Congress to do something about this.

While on-demand subscriptions to services like Netflix and Hulu climbed to 187 million in the U.S. in 2018, millions of consumers are going outside legitimate app marketplaces to find free, pirated content to the latest shows, pre-release movies, and video games.

According to a new report by the Digital Citizens Alliance, an advocacy group that specializes in internet threats to the public, Kodi boxes are readily available through online merchants like eBay or Craigslist for $75 to $100 and offer an ever-growing selection of pirated content. These devices look and function like legitimate devices, but instead of linking to services like Netflix or Amazon Prime Video, they connect to pirate apps.

However, users often don’t realize that illicit apps pre-installed on these devices or downloaded after purchase commonly contain malware. By plugging these devices into their home network, users are enabling hackers to bypass the security measures (such as a router’s firewall) intended to prevent digital intrusion.

ADVERTISEMENT

What was once a fringe phenomenon has entered the mainstream, with 12 million homes in North America actively using illicit streaming devices. A Digital Citizens survey found that 13 percent of Americans report having a piracy device in their homes. Yet millions of consumers are unaware of their own cybersecurity vulnerabilities. These unsuspecting users represent a target-rich environment for online hackers seeking to steal personal information.

Malware-laden apps on Kodi boxes allow hackers to infiltrate home networks, gaining access to computers, tablets, phones, smart TVs, thermostats, security systems, smart appliances — anything connected to the network. Even worse, these devices often download malware to other devices in a user’s network, meaning that hackers may be able to infiltrate adjacent systems long after the illicit device is removed from the network.

For example, when investigators downloaded the illegal movie and live sports app “Mobdro,” malware within the app sent the investigators’ Wi-Fi network name and password to a server in Indonesia, probed the network’s security measures looking to access files and other devices, and uploaded, without authorization, 1.5 terabytes of data from the investigators’ device. The average user has no inkling any of this is occurring until it’s too late.

The cybersecurity risks of piracy devices are reflected in Digital Citizens’ research, which found that 44 percent of those with a piracy device in their homes have dealt with a malware issue in the last 18 months — six times more than among households without such devices. There’s no doubt about it: Using a piracy device on a home network substantially increases a person’s digital security risk.

These latest findings build on a 2015 Digital Citizens investigation that found that one-third of sites offering pirated content contained malware, adware, and Trojans that could hijack a user’s computer, steal sensitive information, and penetrate other devices on the network. Kodi boxes are just the latest front in this ongoing battle.

In response to these threats, consumer protection organizations, as well as law enforcement agencies, have taken steps to warn consumers, and Digital Citizens’ report shows that campaigns to raise public awareness can be effective. When armed with the facts, users are far more reticent to expose themselves to hacking and more careful about their network security.

As hackers continue to exploit piracy devices, government entities like the FTC and state attorneys general should do even more to alert consumers of these risks and target bad actors. Maybe it’s time for Congress to take note.

Liam Sigaud works on economic policy and research for the American Consumer Institute, a nonprofit educational and research organization. For more information about the Institute, visit www.TheAmericanConsumer.Org.