Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?


Mobile & Wireless

Researchers Link 300,000 Virtual Android Devices To Study Mobile Security

MegaDroid 300,000 Android Devices Simulated

Sandia’s David Fritz holds two Android smartphones, representing the virtual network of 300,000 such devices that he and other researchers are using to advance understanding of malicious computer networks on the Internet. (Photo by Dino Vournas)

MegaDroid 300,000 Android Devices Simulated

Sandia’s David Fritz holds two Android smartphones, representing the virtual network of 300,000 such devices that he and other researchers are using to advance understanding of malicious computer networks on the Internet. (Photo by Dino Vournas)

Sandia National Laboratories, the Federally Funded Research and Development Center Managed by a Lockheed Martin subsidiary, shared details on an interesting new security project designed to help understand more about the security of mobile devices such as smartphones and other hand held devices.

As part of their research, scientists in Livermore, California have built a massive network that linked together 300,000 virtual hand-held computing devices running Google’s Android operating system.

Dubbed “MegaDroid”, the project is designed to help researchers understand large-scale networks, and the security implications associated with mobile devices and communications.

By studying the behaviors of smartphone networks, they hope to help device makers and mobile network operators better protect hand-held devices from malicious attacks.

With the goal of making smartphones more reliable and secure, the researchers hope to develop a software tool that will enable other security researchers to conduct similar experiments.

“Smartphones are now ubiquitous and used as general-purpose computing devices as much as desktop or laptop computers,” said Sandia’s David Fritz. “But even though they are easy targets, no one appears to be studying them at the scale we’re attempting.”

Advertisement. Scroll to continue reading.

The virtual Android network at Sandia, said computer scientist John Floren, is carefully insulated from other networks at the Labs and the outside world, but can be built up into a realistic computing environment. That environment might include a full domain name service (DNS), an Internet relay chat (IRC) server, a web server and multiple subnets. Floren said they hope to simulate up to a million devices at some point.

A key element of the Android project, Floren said, is a “spoof” Global Positioning System (GPS). Floren and his colleagues created simulated GPS data of a smartphone user in an urban environment, an important experiment since smartphones and such key features as Bluetooth and Wi-Fi capabilities are highly location-dependent and thus could easily be controlled and manipulated by rogue actors.

The researchers then fed that data into the GPS input of an Android virtual machine. Software on the virtual machine treats the location data as indistinguishable from real GPS data, which offers researchers a much richer and more accurate emulation environment from which to analyze and study what hackers can do to smartphone networks, Floren said.

“You can’t defend against something you don’t understand,” Floren said. The larger the scale the better, he said, since more computer nodes offer more data for researchers to observe and study. This latest Android project follows a previous “ Megatux” project that kicked off in 2009, in which Sandia scientists ran a million virtual Linux machines, and MegaWin, a similar undertaking that focused on Microsoft’s Windows operating system.

According to the researchers, a big challenge in studying Android-based devices, is the complexity of the software. Google’s Android operating system includes more than 14 million lines of code, and runs on top of a Linux kernel, which they say more than doubles the amount of code.

“It’s possible for something to go wrong on the scale of a big wireless network because of a coding mistake in an operating system or an application, and it’s very hard to diagnose and fix,” Fritz warned. “You can’t possibly read through 15 million lines of code and understand every possible interaction between all these devices and the network.”

A majority of Sandia’s work on virtual computing environments will soon be available for other cyber researchers via open source, the laboratory said. 

MegaDroid primarily will be useful as a tool to ferret out problems that would manifest themselves when large numbers of smartphones interact, said Keith Vanderveen, manager of Sandia’s Scalable and Secure Systems Research department.

Similar projects could be done using other platforms such as Apple’s iOS.

“Apple’s iOS, for instance, could take advantage of our body of knowledge and the toolkit we’re developing,” Vanderveen said. Vanderveen added that Sandia also plans to use MegaDroid to explore issues of data protection and data leakage, noting that these issues area big concern for government agencies.

With R&D responsibilities in national security, energy and environmental technologies and economic competitiveness, Sandia works for the U.S. Department of Energy’s National Nuclear Security Administration, and has facilities in Albuquerque, New Mexico and Livermore, California.

In the video below, Sandia’s researchers talk about and demonstrate the MegaDroid project:

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

The February 2023 security updates for Android patch 40 vulnerabilities, including multiple high-severity escalation of privilege bugs.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.