Sandia's David Fritz holds two Android smartphones, representing the virtual network of 300,000 such devices that he and other researchers are using to advance understanding of malicious computer networks on the Internet. Photo by Dino Vournas
Sandia Labs Study of Cyber Disruptions on Mobile Devices Has GPS Spoofing Element
October 17, 2012
As part of ongoing research to help prevent and mitigate disruptions to computer networks on the Internet, researchers at Sandia National Laboratories’ research facility in Livermore, California, have turned their attention to handheld computing devices — including studying GPS spoofing threats to smartphones.
Sandia cyber researchers linked together 300,000 virtual hand-held computing devices running the Android operating system in order to study large networks of smartphones and find ways to make them more reliable and secure. Android operating systems dominate the smartphone industry and run on a range of mobile devices.
The Livermore, California–based work is expected to result in a software tool that will allow others in the cyber research community to model similar environments and study the behaviors of smartphone networks. Ultimately, the tool will enable the computing industry to better protect hand-held devices from malicious intent.
The project builds on the success of earlier work in which Sandia focused on virtual Linux and Windows desktop systems.
“Smartphones are now ubiquitous and used as general-purpose computing devices as much as desktop or laptop computers,” said Sandia’s David Fritz, a senior member of the Sandia technical staff. “But even though they are easy targets, no one appears to be studying them at the scale we’re attempting.”
The Android project, dubbed MegaDroid, is expected to help researchers at Sandia and elsewhere who struggle to understand large-scale networks. Soon, Sandia expects to complete a sophisticated demonstration of the MegaDroid project that could be presented to potential industry or government collaborators.
The virtual Android network at Sandia, said computer scientist John Floren, is carefully insulated from other networks at the labs and the outside world but can be built up into a realistic computing environment. That environment might include a full domain name service (DNS), an Internet relay chat (IRC) server, a web server, and multiple subnets.
A key element of the Android project, Floren said, is a “spoof” Global Positioning System (GPS). Floren, also a senior member of the Sandia technical staff, and his colleagues created simulated GPS data for a smartphone user in an urban environment. The experiment is important because smartphones, and key features such as Bluetooth and Wi-Fi, are highly location-dependent and thus could easily be controlled and manipulated by rogue actors.
The researchers then fed that data into the GPS input of an Android virtual machine (VM). Software on the virtual machine treats the location data as indistinguishable from real GPS data. This offers researchers a much richer and more accurate emulation environment from which to analyze and study what hackers can do to smartphone networks, Floren said.
“We tested the GPS spoofing functionality by opening the OpenStreetMap application in a VM and watching the device ‘move,’” Floren told Inside GNSS. OpenStreetMap is a collaborative project to create a free, editable map of the world, established under an Open Data Commons Open Database License.
“We didn't have time, unfortunately, to do a bigger test with the GPS spoofing,” Floren added. “As far as an application is concerned, the GPS data coming in will be indistinguishable from real GPS positions; although an app could attempt to detect ‘spoofed’ data by looking for patterns indicating simulation, I have not heard of any.”
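The idea of looking for patterns that indicate simulation can be made concrete from the receiving side. The following is an added example, not code from Sandia or the MegaDroid project; the heuristics, thresholds, and sample tracks are assumptions constructed for illustration.

```python
import math
from statistics import mean, pstdev

EARTH_RADIUS_M = 6371000.0

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two latitude/longitude points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))

def simulation_indicators(fixes, max_speed_mps=70.0, min_cv=0.01, repeat_run=5):
    """Return heuristic flags for a time-ordered list of (t_s, lat_deg, lon_deg).

    Thresholds are illustrative assumptions, not values from the article.
    """
    flags, speeds, run = set(), [], 1
    for (t0, la0, lo0), (t1, la1, lo1) in zip(fixes, fixes[1:]):
        dt = t1 - t0
        if dt <= 0:                       # timestamps must advance
            flags.add("non_monotonic_time")
            continue
        speed = haversine_m(la0, lo0, la1, lo1) / dt
        speeds.append(speed)
        if speed > max_speed_mps:         # jump no urban user could make
            flags.add("implausible_speed")
        # Raw receiver fixes usually jitter at rest; identical fixes hint at a frozen source.
        run = run + 1 if (la0, lo0) == (la1, lo1) else 1
        if run >= repeat_run:
            flags.add("frozen_position")
    moving = [s for s in speeds if s > 0.2]
    # Linear interpolation between waypoints yields near-constant speed.
    if len(moving) >= 5 and pstdev(moving) / mean(moving) < min_cv:
        flags.add("uniform_speed")
    return flags

# Constructed sample tracks (1 Hz, arbitrary start point), not recorded data.
START = (37.0, -121.0)
INTERPOLATED = [(t, START[0] + t * 1e-5, START[1]) for t in range(10)]
_steps = [0.8, 1.3, 1.0, 1.6, 0.7, 1.2, 0.9, 1.5, 1.1, 0.6]
JITTERY = [(t, START[0] + sum(_steps[:t]) * 1e-5, START[1]) for t in range(11)]
TELEPORT = [(t, *START) for t in range(5)] + [(5, START[0] + 0.1, START[1])]

if __name__ == "__main__":
    for name, track in [("interpolated", INTERPOLATED), ("jittery", JITTERY), ("teleport", TELEPORT)]:
        print(name, sorted(simulation_indicators(track)))
```

An empty result does not show that a track is genuine; a simulated feed with realistic noise passes all three checks.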
The Sandia Android researchers believe that their project represents a significant steppingstone for those hoping to understand and limit the damage from network disruptions due to glitches in software or protocols, natural disasters, acts of terrorism, or other causes. These disruptions can cause significant economic and other losses for individual consumers, companies and governments.
“You can’t defend against something you don’t understand,” Floren said. The larger the scale the better, he said, since more computer nodes offer more data for researchers to observe and study.
The research builds upon the Megatux project that started in 2009, in which Sandia scientists ran a million virtual Linux machines, and on a later project that focused on the Windows operating system, called MegaWin. Sandia researchers created those virtual networks at large scale using real Linux and Windows instances in virtual machines.
The main challenge in studying Android-based machines, the researchers say, is the sheer complexity of the software. Google, which developed the Android operating system, wrote some 14 million lines of code into the software, and the system runs on top of a Linux kernel, which more than doubles the amount of code.
Much of Sandia’s work on virtual computing environments will soon be available for other cyber researchers via open source. Floren and Fritz believe Sandia should continue to work on tools that industry leaders and developers can use to better diagnose and fix problems in computer networks.
MegaDroid primarily will be useful as a tool to ferret out problems that would manifest themselves when large numbers of smartphones interact, said Keith Vanderveen, manager of Sandia’s Scalable and Secure Systems Research department.
Sandia Labs, headquartered in Albuquerque, New Mexico, is a federally funded research and development center (FFRDC) operated by Sandia Corporation, a wholly owned subsidiary of Lockheed Martin company, for the U.S. Department of Energy’s National Nuclear Security Administration. The Livermore facility is its second principal laboratory.
Copyright © 2012 Gibbons Media & Research LLC, all rights reserved.