Google Integrates Rust-Based DNS Parser into Pixel 10 Modem for Enhanced Security
In a significant move to bolster the security of its Pixel devices, Google has integrated a Rust-based Domain Name System (DNS) parser into the modem firmware of the Pixel 10. This initiative underscores Google’s commitment to incorporating memory-safe code at a foundational level, thereby mitigating a broad spectrum of vulnerabilities.
Jiacheng Lu, a software engineer with the Google Pixel Team, emphasized the impact of this development:
The new Rust-based DNS parser significantly reduces our security risk by mitigating an entire class of vulnerabilities in a risky area, while also laying the foundation for broader adoption of memory-safe code in other areas.
The Pixel 10 stands as the first device in the Pixel lineup to feature a modem integrated with a memory-safe language, marking a pivotal advancement in Google’s security architecture.
Background on Google’s Security Enhancements
This integration is part of a series of strategic initiatives by Google aimed at fortifying the cellular baseband modem against potential exploits. In late 2023, the company highlighted the effectiveness of Clang sanitizers, such as Overflow Sanitizer (IntSan) and BoundsSanitizer (BoundSan), in detecting undefined behaviors during program execution.
By late 2024, Google detailed various security measures embedded within the modem firmware to counteract 2G exploits and baseband attacks that leverage memory-safety vulnerabilities, like buffer overflows, to achieve remote code execution.
Complementing these efforts, Google’s progressive adoption of Rust into Android and low-level firmware has yielded tangible results. In November 2025, the company reported a decline in memory safety vulnerabilities, with such issues comprising less than 20% of the total vulnerabilities identified in the mobile operating system that year.
Rationale for Choosing DNS Protocol and Rust Implementation
The decision to implement the DNS protocol using Rust is rooted in the protocol’s critical role in modern cellular communications. Vulnerabilities within the DNS system can expose users to malicious attacks, especially when the system is designed using memory-unsafe languages, leading to out-of-bound memory accesses. A notable example is CVE-2024-27227, which underscored the risks associated with such vulnerabilities.
As cellular technology has evolved, operations like call forwarding now rely heavily on DNS services. By implementing the DNS parser in Rust, Google aims to reduce attack surfaces linked to memory unsafety, thereby enhancing overall device security.
Technical Implementation Details
To realize this integration, Google selected the hickory-proto crate, a Rust-based DNS client, server, and resolver. This crate was modified to support bare metal and embedded environments, aligning with the specific requirements of the modem firmware.
A critical component of this implementation is the use of a custom tool named cargo-gnaw. This tool facilitates the resolution and maintenance of over 30 dependencies introduced by the crate, streamlining the integration process.
Google acknowledged that the DNS Rust crate is not optimized for memory-constrained systems. To address this, potential code size optimizations are being considered, such as adding extra feature flags to ensure modularity and selectively compiling only the necessary functionalities.
In terms of interfacing between Rust and existing C implementations, Google outlined the following approach:
For the DNS parser, we declared the DNS response parsing API in C and then implemented the same API in Rust. The Rust function returns an integer standing for the error code. The received DNS answers in the DNS response are required to be updated to in-memory data structures that are coupled with the original C implementation; therefore, we use existing C functions to do it. The existing C functions are dispatched from the Rust implementation.
Broader Implications and Future Directions
This integration signifies a broader trend within Google to adopt memory-safe languages like Rust across various components of its software and hardware stack. By addressing memory safety at the code level, Google aims to proactively mitigate entire classes of vulnerabilities, enhancing the overall security posture of its devices.
The success of this implementation may pave the way for further adoption of Rust in other critical areas, potentially setting a new standard for secure coding practices in the industry.
Conclusion
Google’s integration of a Rust-based DNS parser into the Pixel 10 modem firmware represents a significant advancement in mobile device security. By leveraging the memory safety features of Rust, Google effectively reduces the risk of vulnerabilities associated with memory unsafety, thereby providing users with a more secure and reliable device experience.
