Sandia lab fires up 300,000 virtual Android devices to test out security

Lab’s MegaDroid network checks out Bluetooth and Wi-Fi security issues

David Floren of Sandia
Researchers with the Sandia National Laboratory have tied together 300,000 virtual Android-based devices in an effort to study the security and reliability of large smartphone networks.

The Android project, dubbed MegaDroid, is carefully insulated from other networks at the Labs and the outside world, but can be built up into a realistic computing environment, the researchers stated. That environment might include a full domain name service (DNS), an Internet relay chat (IRC) server, a web server and multiple subnets, said John Floren, a computer scientist with the project.

MegaDroid features what Floren called a "spoof" Global Positioning System (GPS) experiment. Researchers created simulated GPS data of a smartphone user in an urban environment. The experiment is important because smartphones and such key features as Bluetooth and Wi-Fi capabilities are highly location-dependent and thus could easily be controlled and manipulated by rogue actors, Floren said.

According to a statement from Sandia: The researchers fed data into the GPS input of an Android virtual machine. Software on the virtual machine treats the location data as indistinguishable from real GPS data, which offers researchers a much richer and more accurate emulation environment from which to analyze and study what hackers can do to smartphone networks, Floren said.

The idea is to help cyber-researchers better understand and ultimately limit the damage from network disruptions due to glitches in software or protocols, natural disasters, acts of terrorism or other causes.  These disruptions can cause significant economic and other losses for individual consumers, companies and governments, Sandia said.

In the end, the group's work is expected to result in a software tool that will let others in the cyber research community model similar environments and study the behaviors of smartphone networks. Ultimately, the tool will enable the computing industry to better protect hand-held devices from malicious intent.

The Sandia testbed comes on the heels of a recent report by the Government Accountability Office that lamented the rapid growth of attacks on mobile devices.

For example, the GAO found:

  • The number of variants of malicious software aimed at mobile devices has reportedly risen from about 14,000 to 40,000, or about 185%, in less than a year.
  • New mobile vulnerabilities have been increasing, from 163 in 2010 to 315 in 2011, an increase of over 93%.
  • An estimated half million to one million people had malware on their Android devices in the first half of 2011.
  • Three out of 10 Android owners are likely to encounter a threat on their device each year as of 2011.

According to Juniper Networks, malware aimed at mobile devices is increasing. For example, the number of variants of malicious software, known as "malware," aimed at mobile devices has reportedly risen from about 14,000 to 40,000, a 185 percent increase in less than a year, the GAO reported.  

"Threats to the security of mobile devices and the information they store and process have been increasing significantly. Cyber criminals may use a variety of attack methods, including intercepting data as they are transmitted to and from mobile devices and inserting malicious code into software applications to gain access to users' sensitive information. These threats and attacks are facilitated by vulnerabilities in the design and configuration of mobile devices, as well as the ways consumers use them. Common vulnerabilities include a failure to enable password protection and operating systems that are not kept up to date with the latest security patches," the GAO stated.

MegaDroid follows the lab's 2009 testbed, known as MegaTux, which was made up of over 1 million virtual Linux machines, and a later project called MegaWin that focused on the Windows operating system. Sandia researchers created those virtual networks at large scale using real Linux and Windows instances in virtual machines.

Follow Michael Cooney on Twitter: nwwlayer8 and on Facebook

Copyright © 2012 IDG Communications, Inc.
