Security Experts:

Researchers Link 300,000 Virtual Android Devices To Study Mobile Security

MegaDroid 300,000 Android Devices Simulated

Sandia's David Fritz holds two Android smartphones, representing the virtual network of 300,000 such devices that he and other researchers are using to advance understanding of malicious computer networks on the Internet. (Photo by Dino Vournas)

Sandia National Laboratories, the Federally Funded Research and Development Center Managed by a Lockheed Martin subsidiary, shared details on an interesting new security project designed to help understand more about the security of mobile devices such as smartphones and other hand held devices.

As part of their research, scientists in Livermore, California have built a massive network that linked together 300,000 virtual hand-held computing devices running Google’s Android operating system.

Dubbed “MegaDroid”, the project is designed to help researchers understand large-scale networks, and the security implications associated with mobile devices and communications.

By studying the behaviors of smartphone networks, they hope to help device makers and mobile network operators better protect hand-held devices from malicious attacks.

With the goal of making smartphones more reliable and secure, the researchers hope to develop a software tool that will enable other security researchers to conduct similar experiments.

“Smartphones are now ubiquitous and used as general-purpose computing devices as much as desktop or laptop computers,” said Sandia’s David Fritz. “But even though they are easy targets, no one appears to be studying them at the scale we’re attempting.”

The virtual Android network at Sandia, said computer scientist John Floren, is carefully insulated from other networks at the Labs and the outside world, but can be built up into a realistic computing environment. That environment might include a full domain name service (DNS), an Internet relay chat (IRC) server, a web server and multiple subnets. Floren said they hope to simulate up to a million devices at some point.

A key element of the Android project, Floren said, is a “spoof” Global Positioning System (GPS). Floren and his colleagues created simulated GPS data of a smartphone user in an urban environment, an important experiment since smartphones and such key features as Bluetooth and Wi-Fi capabilities are highly location-dependent and thus could easily be controlled and manipulated by rogue actors.

The researchers then fed that data into the GPS input of an Android virtual machine. Software on the virtual machine treats the location data as indistinguishable from real GPS data, which offers researchers a much richer and more accurate emulation environment from which to analyze and study what hackers can do to smartphone networks, Floren said.

“You can’t defend against something you don’t understand,” Floren said. The larger the scale the better, he said, since more computer nodes offer more data for researchers to observe and study. This latest Android project follows a previous “ Megatux” project that kicked off in 2009, in which Sandia scientists ran a million virtual Linux machines, and MegaWin, a similar undertaking that focused on Microsoft’s Windows operating system.

According to the researchers, a big challenge in studying Android-based devices, is the complexity of the software. Google’s Android operating system includes more than 14 million lines of code, and runs on top of a Linux kernel, which they say more than doubles the amount of code.

“It’s possible for something to go wrong on the scale of a big wireless network because of a coding mistake in an operating system or an application, and it’s very hard to diagnose and fix,” Fritz warned. “You can’t possibly read through 15 million lines of code and understand every possible interaction between all these devices and the network.”

A majority of Sandia’s work on virtual computing environments will soon be available for other cyber researchers via open source, the laboratory said. 

MegaDroid primarily will be useful as a tool to ferret out problems that would manifest themselves when large numbers of smartphones interact, said Keith Vanderveen, manager of Sandia’s Scalable and Secure Systems Research department.

Similar projects could be done using other platforms such as Apple’s iOS.

“Apple’s iOS, for instance, could take advantage of our body of knowledge and the toolkit we’re developing,” Vanderveen said. Vanderveen added that Sandia also plans to use MegaDroid to explore issues of data protection and data leakage, noting that these issues area big concern for government agencies.

With R&D responsibilities in national security, energy and environmental technologies and economic competitiveness, Sandia works for the U.S. Department of Energy’s National Nuclear Security Administration, and has facilities in Albuquerque, New Mexico and Livermore, California.

In the video below, Sandia’s researchers talk about and demonstrate the MegaDroid project:

view counter
For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.