I was reading about the causes of the recent DDOS attacks on DynDNS that caused massive service outages. These attacks came from botnets composed of compromised IOT devices using a MIRAI variant. This has me thinking about possible vulnerabilities in the OpenELEC/LibreELEC OS. I have a few questions.
1) Is there a potential for a device running vanilla LibreElec to become co-opted into a botnet via default passwords?
2) How much vulnerability does the system have with a malicious addon installed, how much control is an addon allowed?
3) What are best practices for the platform?
I have shied away from android TV boxes out of concerns due to most of them not being rooted but having permissions granted to strange parties. Paranoid? Maybe, but I've elected to use devices (RPi, M8) that can be cleanly flashed with OE/LE in hopes of eliminating vulnerabilities (and because it's faster and runs superbly). This zombie-network attack has shaken my confidence and sense of security in everything, including my Kodi systems.
Any thoughts are appreciated, thanks to the team for all of the great work.