Devices consumers use to pirate digital copies and live streams of TV shows and movies appear also to be allowing for the theft of their owners' data in that Faustian bargain.
That is according to a nine-month probe by the Digital Citizens Alliance, which said that jailbroken Fire TV sticks and Kodi Boxes are being used by hackers to steal user names and passwords and breach networks.
The group has been hammering on the pirate-hacking connection for some time, producing a slick video last year to try and educate the public.
A study by bandwidth tracker Sandvine last year suggested that as much as 6% of all homes in North America had a Kodi open source media player in some form of content piracy mode.
Related: Fully Loaded Kodi Boxes Becoming Bigger Piracy Threat
The alliance has published its findings in a new report, Fishing in the Piracy Stream: Howthe Dark Web of Entertainment is Exposing Consumers to Harm. One harm is that users of piracy devices and apps are six times more likely to report issues with Malware, the alliance said.
“What the investigation shows is that as piracy shifts from websites and downloads to devices and apps, hackers are adapting and finding new ways to exploit consumers,” said Tom Galvin, executive director of Digital Citizens. “Consumers think these devices are like an Apple TV or Roku device, but they have a distinct difference: they have little to no incentive to protect their users. In other words, they are perfect for hackers.”
Related: Digital Citizens Alliance Warns of Pirate Facilitators
The group says its investigation, conducted in conjunction with cybersecurity firm Dark Wolfe Consulting, also uncovered a scheme to monetize stolen Netflix accounts.
Among the findings of the investigation were:
• Researchers found malware pre-loaded on apps used to illegally watch movies, sports, and other content
• Malware in the illicit ad-supported streaming app 'Mobdro' "forwarded the researcher’s WiFi network name and password to a server that appeared to be in Indonesia."
• That Malware "uploaded, without permission, 1.5 terabytes of data from the researcher’s device."
• Users of the illicit devices are abetting hackers by enabling them to bypass network security when the devices are connected directly to a home network.
• A scheme enabled "criminals" to pose as streaming sites, like Netflix, to gain illegal access to a legitimate subscription.
Among the alliance's proposed action items in the face of that hacking threat is for 1) consumer protection agencies--like the Federal Trade Commission, which has vowed to crack down on privacy violations--to warn consumers about the risks of illicit devices; 2) law enforcement to investigate and prosecute; and 3) digital marketplaces--eBay, Craigslist, Facebook--to ban the devices.
The alliance claims among its supporters, "health, pharmaceutical, and creative industries," the last which are obviously most affected by the aforementioned content piracy.
