Sandia Lab’s MegaDroid Project Builds Out Massive Android Test Platform

It might sound like a security researcher’s worst nightmare to string together 300,000 virtual instances of the Android OS, but for scientists at Sandia National Laboratories, it’s just another day.The Department of Energy-sponsored national security-focused laboratory released the MegaDroid project on Tuesday, a cluster of 300,000 networked virtual machines running Android on commodity hardware. The project gives scientist a massively scaled platform to test anything that could cause a network disruption, including malware or an attack on critical infrastructure.

SandiaIt might sound like a security researcher’s worst nightmare to string together 300,000 virtual instances of the Android OS, but for scientists at Sandia National Laboratories, it’s just another day.

The Department of Energy-sponsored national security-focused laboratory released the MegaDroid project on Tuesday, a cluster of 300,000 networked virtual machines running Android on commodity hardware. The project gives scientist a massively scaled platform to test anything that could cause a network disruption, including malware or an attack on critical infrastructure.

“With this project, we can spin up 300,000 Android virtual machines and run the same application simultaneously,” said David Fritz, an electrical engineer and senior member of the technical staff at the lab. “You can observe how the application communicates with the server, how geo-location behaves and how other activities communicate with the server. At that scale, you can weed out a lot of problems as they crop up.”

This is the third such project the lab has sponsored; the first two: MegaTux and MegaWin tested similar large-scale Linux and Windows clusters respectively.

With Android, the researchers had an advantage because of its open source nature. But it was probably the most challenging, Fritz said, because in order to create a realistic virtual environment, they were required to emulate all the sensors a mobile device would bring with it, including GPS, accelerometers, radio and others.

“It’s been an interesting endeavor,” he said.

Android has been a much-maligned platform in terms of security, despite its market-share lead among mobile devices. Attackers are finding success planting malicious applications onto the Google Play marketplace, and recent research from Duo Security determined that half of all Android devices have unpatched vulnerabilities make them ripe for exploitation.

Fritz and fellow lead researcher on the project, computer scientist John Floren, were able to spoof GPS coordinates to the cluster of devices and simulate human movement on a Google map. They’re able to test not only scale, but device resiliency in the event of a cyber or terrorist attack, or even a natural disaster. The possibilities are enormous from a security research perspective. Scientists could test malware behavior at a large scale between connected devices, and how it would be spread either over Wi-Fi, or Bluetooth between phones.

“It’s a young platform,” Floren said. “But really anything that disrupts a network is fair game to model on our platform.”

Floren said the commodity hardware, networking and IPMI gear cost the lab about $500,000. “Because our application is based around the Internet, we were able to do it in a way that we could use gigabit Ethernet as an interconnect, which worked just fine while keeping costs down,” Floren said.

The team said it would like to expand this type of project to iOS or even Windows phones, but understand the proprietary constraints involved with Apple and Microsoft respectively.

“Android has the largest market share and it’s also the easiest to work with. It was the only feasible one to do this way,” Floren said. “It was the clearest choice for us. We’d love to do iOS, Windows and even BlackBerry because they’re so important to the corporate world.”

The next step, the team said, is to release the project to open source. It has to jump through some internal hoops to do so, but in the meantime, they hope the community would take advantage of the opportunity to use the cluster for research.

The lab’s Livermore Valley Open Campus is a collaborative environment that provides access to high-performance computing infrastructures such as MegaDroid. Also on the grounds of the campus is the new Cybersecurity Technologies Research Laboratory (CTRL), which opened in June.

“It’s important for our cybersecurity mission to see the link between CTRL and what we’re trying to do with MegaDroid and other similar projects,” said Mike Janes, communications officer for Sandia National Lab. “It’s a facility and a space where we can bring in external collaborators much easier than we’ve done in the past. With MegaDroid and other work, this offers an open and collaborative area where folks can come in and work with us.”

*Images courtesy of Dino Vournas, Sandia National Laboratories

Suggested articles

Pentagon Decision Moves Android Security Forward

The Pentagon’s decision to endorse a hardened version of Android for use inside the DoD is a smart move forward, experts said. A wholesale blessing of the Android platform isn’t possible given the various flavors of the OS. Meanwhile, attackers continue to probe deeper at kernel and OS flaws.

Department of Energy Compromised in Sophisticated Attack

Hackers targeted and compromised computer networks at United States Department of Energy headquarters in Washington DC two weeks ago, according to a report published by the Washington Free Beacon earlier this morning.