
Google announced that it is integrating a Rust-based Domain Name System (DNS) parser into its modem firmware as part of its continued efforts to strengthen the security of Pixel devices and push memory-safe code at a more fundamental level.
“The new Rust-based DNS parser significantly reduces security risks by mitigating an entire class of vulnerabilities in high-risk areas, while laying the foundation for broader adoption of memory-safe code in other areas,” said Jiacheng Lu, a software engineer on the Google Pixel team.
Enhanced security with Rust integration is available on Pixel 10 devices, making them the first Pixel devices to integrate the memory-safe language into their modems.
The move builds on a series of efforts taken by the tech giant to harden cell phone baseband modems against abuse. In late 2023, we highlighted the role that Clang sanitizers, such as Overflow Sanitizer (IntSan) and BoundsSanitizer (BoundSan), play in catching undefined behavior during program execution.
A year later, we also detailed the various security measures built into modem firmware to counter 2G exploits and baseband attacks that exploit memory safety vulnerabilities such as buffer overflows to achieve remote code execution.
These security advances are complemented by Google’s steady adoption of Rust for Android and low-level firmware. In November 2025, the company revealed that the number of memory safety vulnerabilities was now less than 20% of all vulnerabilities discovered in mobile operating systems last year.
Google said it chose the DNS protocol for its Rust implementation because it underpins modern cellular communications, and a DNS parser written in a memory-unsafe language can expose users to attack through bugs such as out-of-bounds memory accesses, as in the case of CVE-2024-27227.
“With the evolution of cellular technology, modern cellular communications have migrated to digital data networks. As a result, even basic operations such as call forwarding are dependent on DNS services,” the company added. “Implementing a DNS parser in Rust creates value by reducing the attack surface associated with securing memory.”
To that end, Google chose the “hickory-proto” crate, a Rust-based DNS client, server, and resolver, to implement the protocol and modified it to support bare metal and embedded environments. Another key component of this change is the use of a custom tool called “cargo-gnaw” to easily resolve and maintain the 30+ dependencies introduced by the crate.
The internet company also noted that the DNS Rust crate is not optimized for use on memory-constrained systems, and that code size could be reduced by adding feature flags that keep the crate modular and compile only the functionality that is actually needed.
“For the DNS parser, we declared a DNS response parsing API in C and implemented the same API in Rust,” Google said. “The Rust function returns an integer that represents the error code. The DNS response received in the DNS response needs to be updated into an in-memory data structure that is combined with the original C implementation. So we use an existing C function to do that. The existing C function is dispatched from the Rust implementation.”
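The split Google describes, a C-declared API implemented in Rust that returns an integer error code and dispatches back into an existing C function, can be shown with a small example. The code below is an added illustration, not Google's modem code and not hickory-proto: it parses the answer section of a DNS response in safe Rust with bounds-checked reads, exposes it through an `extern "C"` entry point named `dns_parse_response` (a hypothetical name; a real firmware export would also carry the no-mangle attribute), and hands each A record to a C-style callback standing in for the existing C function. The error codes, the `StoreARecordFn` signature and the sample response bytes are all constructed for this example.

```rust
use std::os::raw::{c_int, c_void};
use std::slice;

// Error codes returned to the C caller (constructed for this example).
pub const DNS_OK: c_int = 0;
pub const DNS_ERR_NULL: c_int = -1;
pub const DNS_ERR_TRUNCATED: c_int = -2;
pub const DNS_ERR_NOT_RESPONSE: c_int = -3;
pub const DNS_ERR_BAD_NAME: c_int = -4;

/// Hypothetical signature of the existing C function that stores one A record
/// into the in-memory structure; `ctx` is an opaque pointer owned by the C side.
pub type StoreARecordFn = extern "C" fn(ctx: *mut c_void, ttl: u32, addr: *const u8) -> c_int;

// Every read goes through bounds-checked helpers, so a short or malformed
// packet becomes an error code instead of an out-of-bounds memory access.
fn read_u16(msg: &[u8], pos: usize) -> Result<u16, c_int> {
    let b = msg.get(pos..pos + 2).ok_or(DNS_ERR_TRUNCATED)?;
    Ok(u16::from_be_bytes([b[0], b[1]]))
}

fn read_u32(msg: &[u8], pos: usize) -> Result<u32, c_int> {
    let b = msg.get(pos..pos + 4).ok_or(DNS_ERR_TRUNCATED)?;
    Ok(u32::from_be_bytes([b[0], b[1], b[2], b[3]]))
}

/// Skip a wire-format name (labels or a compression pointer) and return the
/// offset just past it. Names are not decoded, so pointers are not followed.
fn skip_name(msg: &[u8], mut pos: usize) -> Result<usize, c_int> {
    loop {
        let len = *msg.get(pos).ok_or(DNS_ERR_TRUNCATED)? as usize;
        if len & 0xC0 == 0xC0 {
            // Two-byte compression pointer terminates the name.
            return msg.get(pos + 1).map(|_| pos + 2).ok_or(DNS_ERR_TRUNCATED);
        }
        if len == 0 {
            return Ok(pos + 1);
        }
        if len > 63 {
            return Err(DNS_ERR_BAD_NAME); // RFC 1035 label length limit
        }
        pos += 1 + len;
    }
}

/// Parse the answer section of a response and collect (TTL, IPv4) pairs from
/// IN A records. Any malformed input maps to a negative error code.
pub fn parse_a_records(msg: &[u8]) -> Result<Vec<(u32, [u8; 4])>, c_int> {
    if msg.len() < 12 {
        return Err(DNS_ERR_TRUNCATED); // fixed-size header missing
    }
    if read_u16(msg, 2)? & 0x8000 == 0 {
        return Err(DNS_ERR_NOT_RESPONSE); // QR bit clear: this is a query
    }
    let qdcount = read_u16(msg, 4)? as usize;
    let ancount = read_u16(msg, 6)? as usize;
    let mut pos = 12;
    for _ in 0..qdcount {
        pos = skip_name(msg, pos)?;
        msg.get(pos..pos + 4).ok_or(DNS_ERR_TRUNCATED)?; // QTYPE + QCLASS
        pos += 4;
    }
    let mut out = Vec::new();
    for _ in 0..ancount {
        pos = skip_name(msg, pos)?;
        let rtype = read_u16(msg, pos)?;
        let rclass = read_u16(msg, pos + 2)?;
        let ttl = read_u32(msg, pos + 4)?;
        let rdlen = read_u16(msg, pos + 8)? as usize;
        pos += 10;
        let rdata = msg.get(pos..pos + rdlen).ok_or(DNS_ERR_TRUNCATED)?;
        if rtype == 1 && rclass == 1 && rdlen == 4 {
            out.push((ttl, [rdata[0], rdata[1], rdata[2], rdata[3]]));
        }
        pos += rdlen;
    }
    Ok(out)
}

/// The C-declared entry point: `buf`/`len` describe the received response,
/// `store` is the existing C function that records each answer, and the
/// return value is the error code the C caller checks.
pub extern "C" fn dns_parse_response(
    buf: *const u8, len: usize, ctx: *mut c_void, store: Option<StoreARecordFn>,
) -> c_int {
    if buf.is_null() {
        return DNS_ERR_NULL;
    }
    // SAFETY: the caller guarantees `buf` points to `len` readable bytes that
    // outlive this call. This is the only unsafe line in the parser itself.
    let msg = unsafe { slice::from_raw_parts(buf, len) };
    let records = match parse_a_records(msg) {
        Ok(r) => r,
        Err(code) => return code,
    };
    if let Some(store) = store {
        for (ttl, addr) in &records {
            let rc = store(ctx, *ttl, addr.as_ptr());
            if rc != 0 {
                return rc; // propagate the C function's own failure
            }
        }
    }
    DNS_OK
}

/// Constructed sample: a response for example.com with one A record, TTL 300,
/// whose answer name is a compression pointer back to the question (0xC00C).
pub const SAMPLE_RESPONSE: &[u8] = &[
    0x12, 0x34, 0x81, 0x80, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
    7, b'e', b'x', b'a', b'm', b'p', b'l', b'e', 3, b'c', b'o', b'm', 0, 0x00, 0x01, 0x00, 0x01,
    0xC0, 0x0C, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x01, 0x2C, 0x00, 0x04, 93, 184, 216, 34,
];

/// Stand-in for the existing C function: appends each record to a Vec behind `ctx`.
pub extern "C" fn demo_store(ctx: *mut c_void, ttl: u32, addr: *const u8) -> c_int {
    let sink = unsafe { &mut *(ctx as *mut Vec<(u32, [u8; 4])>) };
    let a = unsafe { slice::from_raw_parts(addr, 4) };
    sink.push((ttl, [a[0], a[1], a[2], a[3]]));
    0
}

fn main() {
    let mut sink: Vec<(u32, [u8; 4])> = Vec::new();
    let ctx = &mut sink as *mut Vec<(u32, [u8; 4])> as *mut c_void;
    let rc = dns_parse_response(SAMPLE_RESPONSE.as_ptr(), SAMPLE_RESPONSE.len(), ctx, Some(demo_store));
    println!("rc={rc} records={sink:?}");
    let cut = &SAMPLE_RESPONSE[..SAMPLE_RESPONSE.len() - 2];
    println!("truncated rc={}", dns_parse_response(cut.as_ptr(), cut.len(), std::ptr::null_mut(), None));
}
```

The design point is where the `unsafe` lives: a single `from_raw_parts` at the boundary converts the caller's pointer and length into a slice, after which every access is checked by the compiler and the standard library, so a record whose RDLENGTH runs past the buffer produces `DNS_ERR_TRUNCATED` rather than a read past the end. The C side sees only an integer return value and its own callback, which is what lets the parser be replaced without changing the surrounding C data structures.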
