Researchers create virtual Android network to simulate attacks

What happens to users and their phones in the event of a mobile malware epidemic or a terrorist attack? Researchers at a California-based lab are hoping to answer those very questions using simulations.

Researchers at Sandia National Laboratories in California have developed a virtual Android-based network that can be used to simulate what could happen in the event of an attack on the devices.

The network, dubbed MegaDroid, consists of 300,000 virtual Android devices that receive spoofed GPS coordinates to simulate human movement throughout a town. Researchers have also combined the virtual network with Google Street View, so that they can watch, in real time, the virtual devices wandering around.

Researchers hope that the simulation network will provide others with greater insight into what the cascading effects of a glitch in the network could result in — whether it's intentional or not — or what might happen in the event of a natural disaster or terrorist attack.

MegaDroid will primarily be used as a tool to ferret out problems that would manifest themselves when large numbers of smartphones interact, said Keith Vanderveen, manager of Sandia's Scalable and Secure Systems Research department.

One such scenario that MegaDroid might be able to help researchers with is how malware might spread if attackers discover a way to propagate their malicious code over Wi-Fi or Bluetooth.

"Smartphones are now ubiquitous and used as general-purpose computing devices as much as desktop or laptop computers," said Sandia cyber researcher David Fritz. "But even though they are easy targets, no one appears to be studying them at the scale we're attempting."

Other uses for the simulation network include tracking data leakage, and finding out how effective certain data-protection methods are.

Fritz and others at Sandia hope to release the code behind MegaDroid to the public, so that others can use it to build upon their work.

"Tools are only useful if they're used," said Fritz.

Researchers already have a few ideas about the different directions in which others could fork the project.

"You could also extend the technology to other platforms besides Android," said Sandia Scalable and Secure Systems Research manager Keith Vanderveen. "Apple's iOS, for instance, could take advantage of our body of knowledge and the tool kit we're developing."