updated 07:33 pm EDT, Tue October 2, 2012
Network designed for testing of threat propagation and damage
Researchers at Sandia National Laboratories in California have built a 300,000 smartphone network running various versions of Android, to study attack vectors on the devices and to help secure the next generation of smartphones. The work is expected to result in a tool that will allow other researchers to simulate similar environments and study the behaviors of smartphone networks.
“Smartphones are now ubiquitous and used as general-purpose computing devices as much as desktop or laptop computers,” said Sandia’s David Fritz. “But even though they are easy targets, no one appears to be studying them at the scale we’re attempting.”
The project called "MegaDroid," is insulated from the outside world and other networks at the labs. A key element of the project is a simulated GPS environment for the phones to simulate an urban environment, since since smartphones and such key features as Bluetooth and Wi-Fi capabilities are highly location-dependent and thus could easily be controlled and manipulated by miscreants.
“You can’t defend against something you don’t understand,” Sandia computer scientist John Floren said. More computer nodes offer more data for researchers to observe and study. This latest development by Sandia researchers represents a significant building block for others hoping to understand and limit the damage from network disruptions due to software flaws, natural disasters, acts of terrorism, or other causes.
The research builds upon the Megatux project that started in 2009, in which Sandia scientists ran a million virtual Linux machines, and on a later project that focused on the Windows operating system, called MegaWin. Sandia researchers created those virtual networks at large scale using real Linux and Windows instances in virtual machines.
“It’s possible for something to go wrong on the scale of a big wireless network because of a coding mistake in an operating system or an application, and it’s very hard to diagnose and fix,” said Fritz. “You can’t possibly read through 15 million lines of code and understand every possible interaction between all these devices and the network.”
Sandia is intending to release its virtual computing environment and Android network findings as open source. “Tools are only useful if they’re used,” said Fritz regarding the release of the data and testing tools.
Kevin Vanderveen, manager of Sandia's scalable and secure systems research departments said that the research can "extend the technology to other platforms besides Android. Apple’s iOS, for instance, could take advantage of our body of knowledge and the toolkit we’re developing.”
Sandia National Laboratories is a wholly owned subsidiary of Lockheed Martin company run under the aegis of the US Department of Energy National Nuclear Security Administration., Sandia has major research and developmental responsibilities in national security, energy and environmental technologies and US economic competitiveness.