By Kevin Le Jannic, Product Manager, Security, in charge of Security Services at Viaccess-Orca.
One of the biggest video piracy threats of recent years has been the fully loaded Kodi box. An open source media player developed by the XBMC Foundation, it’s an entirely legitimate product that has been hijacked by online pirates who have used its extensible nature to add various plug-ins and add-ons that let users easily stream illegal content. Officially termed Illicit Streaming Devices (ISDs), these have been sold ‘fully loaded’, i.e. with the pirate software already installed and ready to go out of the box.
In some countries, their success has been astonishing. According to recent research conducted on behalf of the Coalition Against Piracy of the Asia Video Industry Association (AVIA), as many as 45% of consumers in Thailand are using a TV box which can be used to stream pirated television and illegal content. As a result, 69% say they cancelled some or all of their legitimate Pay-TV subscriptions, with international services marginally more susceptible than Thai ones. Perhaps more worrying than anything, that figure rises to 77% when it comes to the 18-24 age group.
Mango TV, HD Playbox and U Play are amongst the most popular of the pirate apps in Thailand, but it would be wrong to assume this is just a problem confined to Thailand. Every time you widen the focus out you come across more. As the AVIA’s Asia Video Industry Report 2019 states “Asia Pacific has some of the most egregious consumers of pirated content in the world” and while the percentage of ISD users in The Philippines might ‘only’ be 28%, given the population differences between the countries it is a similar number showing around 30 million people.
The report also highlights recent Digital TV Research data that states online TV and movie piracy worldwide will cost the content industry an estimated $37.4 billion in lost revenue this year, rising to $51.6 billion by 2022 (though it is worth pointing out that these figures don’t include sports — an increasing focus for pirate activity as illegal live streaming becomes more prevalent — or Pay-TV). In fact, while the 2022 figure is alarming, as the graph below shows this is a significant deceleration of the current trend. If the current scale of losses is projected forward the number is closer to the $60 billion mark.
Action Against Video Piracy
While rampant in some Asian countries, there are signs that the threat of Kodi elsewhere is diminishing. Partly this is as the result of the box’s increasingly unwelcome status as an attack surface for malware.
Writing in the AVIA report, Neil Gane, General Manager AVIA Coalition Against Piracy, says: “The more mainstream the piracy ecosystem becomes, the greater the risks of malware proliferation. Unfortunately, the appetite for ‘free’ or paying cheap subscriptions for stolen content, blinkers some consumers from the real risks of malicious malware infection including particularly pernicious malware such as spyware and ransomware.”
Whether this status is justified or not is a case of hot debate. Indeed, TorrentFreak has written an exhaustive and in-depth post highlighting the fact that, in its opinion at least, the threat has been overstated — at its time of writing only one documented case was on file — and is at a similar level to other devices.
That’s not to say that in the future it won’t become an issue, though, and since TorrentFreak’s OpEd at least one serious malware infection has been documented. ESET researchers recently discovered that several third-party Kodi add-ons were being used to distribute Linux and Windows cryptocurrency-mining malware, specifically mining the cryptocurrency Monero.
The top five countries affected by the threat were the United States, Israel, Greece, the United Kingdom and the Netherlands, which are also listed as the “top traffic countries” in unofficial but comprehensive Kodi add-ons stats. The outbreak started in December 2017, and while the main add-on repositories that seeded it (Bubbles and Gaia) have variously shut down or been cleaned, ESET estimates that close to 5000 devices were still running the malware as of September 2018.
Whether the claims of Kodi boxes as the malware Trojan horse in the living room are justified or not, however, despite the Asian figures mentioned above there is a definite decline underway in interest in the platform, with Google search volumes in particular shrinking 80% from their peak in 2017 to 2018.
The graph above is from Comparitech which attributes the decline to a range of interlocking factors:
- The launch of the Alliance for Creativity and Entertainment (ACE)
Set up a coalition of some of the biggest content-owners in the business — major film studios, SVOD companies, broadcasters etc — ACE was set up with the express intent of “protecting the dynamic legal market for creative content and reducing online piracy.” It recently won its first litigation against ISD supplier TickBox in the LA courts, which it says sets an important legal precedent in effort to curb illegal piracy devices and applications.
Much of its activity has occurred under the radar, with cease-and-desist letters built upon various anti-piracy and copyright laws in relevant territories being fired off to both add-on developers and repositories. Comparitech notes that ‘dozens’ of prominent developers and development teams have either ceased functioning altogether or are now flying under the radar themselves since ACE’s formation. If they are still operating they are doing so via secure messaging apps or rotating subreddit groups and so on, with a subsequent diminishing of profile and traffic. Meanwhile, several high-profile repositories have shut down.
- A Dish Network lawsuit against TVAddons and ZemTV
The Dish Network’s lawsuit against the ZemTV add-on and add-on library TVAddons was also launched in June 2017 and was the first legal action in the area. ZemTV specifically allowed users to illegally watch a number of Dish channels, while Dish maintained that TVAddons played a significant role in distributing it. The case against ZemTV was decided in Dish’s favour, while Dish settled confidentially with TVAddons earlier this year. During that process TVAddons relaunched with a lot of the previously problematic content purged from its servers. It has struggled to maintain the level of traffic it once enjoyed.
“We are no longer indexing certain types of add-ons as a result of legal pressure. This doesn’t mean that you can’t install whatever you’d like, it just means that we can’t index those add-ons through our platform,” it stated in April 2018.
- Anti-piracy legislation
The EU law making it illegal to sell media devices that easily enabled multimedia piracy, such as ‘fully-loaded Kodi boxes’, was passed in April 2017. It also made it illegal to stream copyrighted material from unofficial sources. It has been mirrored in other countries, notably the UK.
- Amazon, eBay, and Facebook bans on “fully-loaded Kodi boxes”
The concept of the fully-loaded box appears again with Amazon announcing a ban on copyright-infringing media devices in April 2017. eBay announced its own ban later on the same month, while Facebook announced its own ban in August 2018. This went further than previous bans, banning the sale of any device tag had ‘Kodi installed’, never mind pirate specific add-ons.
The Future of Kodi Video Piracy
To this list we would add the effectiveness of services such as our anti piracy protection, which detects and analyzes all Kodi streaming playlists and analyses them. The DMCA is then sent to the impacted ISP, CDN and content platforms. Continuous tracking provides automated 24/7 internet monitoring and enables manual monitoring with up-to-date reports of detailing any content leaked on the internet.
If, as Comparitech asserts, there is a closely-coupled relationship with Google searches for Kodi and levels of piracy on the device, then all this is starting to work and the past year’s downwards trend represents a definite victory for the industry. Industry pressure on legislators and its own efforts seem to be succeedeing in driving Kodi piracy underground and away from the mainstream. Data from the UK suggests that Kodi use is on the decline, with only 6% of online users watching content via it in 2018 compared to 7% in 2017.
That is not to say the threat is over . As is constantly pointed out, Kodi is just an open source platform, and new software is appearing for it all the time. TVAddons list of banned and infringing add-ons stands at 19 current and 18 abandoned (non-functional), while the latest significant threat was a new feature called Orion on popular Gaia add-on which ‘phoned home’ with streaming links scraped by end users. As TVAddons pointed out, the way it functioned meant that users could effectively be considered distributors of illegal content under the letters of the law, not just consumers.
“The worry is that by having end users automatically contribute links they scrape to the Orion database, they could be considered distributors under the law. This could open certain regular Kodi users to significant liability, possibly fines in the tens of thousands.”
Meanwhile, Kodi v18 Leia is getting ready for official release and emphasizes the XMBC Foundation’s desire for legitimacy with the addition of DRM. A Eurosport player and YouTube plugin add-ons already use it, as do unofficial Netflix and Amazon add-ons. Kodi will be hoping that those unofficial players become official ones as it seeks to attract more legitimate mainstream content and leave its checkered past behind it. And the industry will be hoping that measures that have proved effective in Europe and elsewhere can also start to gain traction in countries such as Thailand.