MegaDroid: watching for global network security threats


In 2009, Sandia National Laboratories (California) booted up a Dell Thunderbird computer called MegaTux. It had 4,480 Intel microprocessors and ran 1 million copies of Windows using Linux and the Wine emulator. Basically, Sandia was doing something no-one had ever done before: they were modeling the Internet using MegaTux. The reason? To figure out global security threats and patterns that pop up when millions of computers are hooked up together. In particular, they were studying botnets: programs that hackers use to steal computing power from computers on the Net. It might be a small percentage, say 2% of a CPU, but multiply that by a few million computers and you’ve got yourself an illegal supercomputer that no-one can track or take down. These so-called “distributed computers” are very difficult to observe. Some botnets can even detect “honeypots” – programs that pretend to be computers but instead are used to capture botnet clients.

Since the majority of computers at the time were on Windows, Sandia ran a million copies of Windows to test this out.

Now, a new kind of device has jumped into the Internet: smartphones running Android. Smartphones have yet to achieve the level of security Windows had in 2009, yet each day more and more smartphones are activated and connect with their peers across multiple networks. Our contacts, closest friends, pictures, documents, email addresses – everything is there on these phones, which unlike our machines are connected 24/7 to multiple open networks. More than a few million users are at risk from threats that nobody even knows about.

Even though the Android code is open, the sheer size makes it impossible to analyze global security this way. According to the researchers at Sandia, Google wrote some 14 million lines of code into Android, which itself runs on top of a Linux kernel – adding up to over 30 million lines of code.

“It’s possible for something to go wrong on the scale of a big wireless network because of a coding mistake in an operating system or an application, and it’s very hard to diagnose and fix,” said Sandia’s David Fritz to ScienceDaily. “You can’t possibly read through 15 million lines of code and understand every possible interaction between all these devices and the network.”

Sandia is repeating the experiment in a different way. They’ve launched MegaDroid: 300,000 Android smartphones are connected in a separate network completely isolated from the Internet. This isolated network can simulate the Internet environment – it can include a full domain name service (DNS), an Internet relay chat (IRC) server, a web server and multiple subnets. GPS is a major element in today’s smartphones. Location tracking and other services are highly GPS-dependent. The researchers use an Android virtual machine to simulate the GPS data of smartphones in urban environments. They’re expecting to identify and build tools to analyze problems that happen when large nets of smartphones interact with one another, especially data security and leakage.

While some of this research is being carried out for government agencies, Sandia will release most of its work under open-source licenses. “You could also extend the technology to other platforms besides Android,” said Keith Vanderveen, manager of Sandia’s Scalable and Secure Systems Research department. “Apple’s iOS, for instance, could take advantage of our body of knowledge and the toolkit we’re developing.”

Source: News release courtesy of Sandia National Laboratories.




