There's no denying the massive popularity of Kodi, and the streaming media center has become infamous as well as famous. While the negative press concerning the software tends to focus on the potential for piracy, there's also the question of privacy and security.
Kodi includes -- as does the likes of Plex -- a remote access feature. While wonderfully useful for when you're away from home, it also poses a security risk and represents a serious privacy concern if not correctly configured.
The importance of properly protecting your Kodi setup really cannot be overstated. As TorrentFreak points out, if Kodi is not properly locked down, its remote access feature can be used to not only spy on what you are doing, but also to watch your videos and even change software settings. Knowing nothing more than someone's IP address, it is very easy to access their Kodi web interface, potentially wreaking havoc.
While browsing someone's addons isn't the most engaging thing in the world, things get decidedly spicier when one learns that the Chorus 2 interface allows both authorized and unauthorized users to go much further.
For example, it's possible to change Kodi's system settings from the interface, including mischievous things such as disabling keyboards and mice. [...] it can also give away system usernames, for example.
But aside from screwing with people's settings (which is both pointless and malicious), the Chorus 2 interface has a trick up its sleeve. If people's Kodi setups contain video or music files (which is what Kodi was originally designed for), in many cases it’s possible to play these over the web interface.
In basic terms, someone with your IP address can view the contents of your video library on the other side of the world, with just a couple of clicks.
To fix this privacy hole, all you need to do is add password protection -- and make sure to choose something rather more secure than the default username and password of "kodi" (it's not rocket science...) -- in the Control section of settings.