Simply Security - News, Views, and Opinions from Trend Micro

Posted on October 10th, 2012 in Research by Simply Security | Be the first to comment | Tags: Research

Android security is now being placed under the microscope of federally-funded researchers.

The Sandia National Laboratories, originally founded to develop and test non-nuclear components of nuclear weapons for the Department of Energy during the Cold War, have been a fixture within the national security agenda for more than six decades. As national defense becomes an increasingly digital pursuit – and Internet security threats become increasingly mobile – researchers have decided to construct a massive test network linking together approximately 300,000 virtual Android handsets.

"Smartphones are now ubiquitous and used as general-purpose computing devices as much as desktop or laptop computers," said Sandia research David Fritz. "But even though they are easy targets, no one appears to be studying them at the scale we're attempting."

Fritz's team has adapted the idea from previous projects which included the modeling of more than 1 million Linux machines in 2009 and a similar Windows-based initiative involving approximately 100,000 computers. As a result, researchers hope that the new Android iteration, dubbed MegaDroid, will result in valuable insights and open source solutions that can be shared with government and industry professionals.

A virtual society

The crucial component of the Sandia program will be the emulation of mobile users' habits through a "spoof" Global Positioning System (GPS). This fake data will be fed into the virtual Android machines so that they will report location-based information as they travel through this model mobile society. Researchers will effectively let the 300,000 devices loose on a projection of the surrounding streets in and around San Francisco to obtain a more realistic perspective on what exploits and opportunities may be available to hackers tapping into Bluetooth and Wi-Fi connections.

"I imagine somebody like Foursquare would have liked to have a city's worth of Android devices sitting in the room next door to test their platform on before releasing it into the wild," Fritz explained in an interview with Ars Technica. "There might be some emergent behavior that you only see at scale."

For example, researchers could simulate and geospatially track the transmission of malware that a virtual Android acquires through a public Wi-Fi network at Starbucks and unknowingly disseminates to other devices in close proximity.

The research results should also be of interest to Sandia's traditional defense sector clientele. According to the New York Times, Fritz's team sees particular potential in applying the finding to future disaster relief efforts. From relaying damage photographs and locations to harnessing mobile device accelerometers to create digital seismographs, the technology could allow troops and aid workers to collaborate more efficiently and intelligently. However, this progress will rely on the mitigation and elimination of data security and integrity issues that could arise as networks scale.

Security News from SimplySecurity.com by Trend Micro