Google Integrates Rust-Based DNS Parser Into Pixel 10 Modem to Enhance Security

15.04.2026 4 minutes Author: Newsman

Google has implemented a new DNS parser written in Rust into the Pixel 10 modem firmware. This solution aims to reduce risks associated with memory errors and strengthen protection against attacks at the base modem level.

Google is deepening the security of its Pixel phones by integrating a DNS parser written in Rust directly into the modem. The goal is to shrink the class of problems caused by memory errors and to move toward more secure technologies.

As stated by Pixel engineer Jiacheng Lu, “The new Rust-based DNS parser greatly lessens your exposure to certain security risks, by removing a large group of previously identified risks related to memory unsafe programming.”

He also mentioned that this should help lay a foundation for adopting memory-safe code across many different parts of the software stack. The changes apply to the modems of the Pixel 10 phones, which will be the first phone to have Rust in the modem. The work was not developed from scratch; rather, it is the culmination of several years of effort by Google to improve the security of what can be considered the base layer of all communication. Before that, in late 2023, the company had begun implementing Clang sanitizers, including:

  • Overflow Sanitizer (IntSan)

  • BoundsSanitizer (BoundSan)

They help detect run-time errors, some of which involve dangerous memory behavior. In 2024, Google published several modem-specific protections designed to combat baseband and 2G threats, both of which rely on common types of vulnerabilities (such as buffer overflows) to give an attacker remote code execution. Concurrently, Google continues to promote Rust throughout the entire Android ecosystem. According to internal Google metrics, the percentage of memory-based vulnerabilities identified has dropped below 20%.

DNS was chosen for this work primarily because the protocol is the foundation of modern mobile communications: many of their fundamental features (e.g., call forwarding) rely heavily on it. A vulnerability in DNS processing provides a pathway for exploiting many other potential weaknesses, including out-of-bounds memory access, as was demonstrated by CVE-2024-27227. Google explicitly states that moving from C/C++ to Rust reduces the attack surface and makes DNS processing significantly safer.

The new parser was implemented with the hickory-proto library. This library represents a complete DNS client/server written in Rust; however, it required significant modifications for use in embedded systems and in a bare-metal environment. Additionally, Google developed its own cargo-gnaw dependency manager, which manages over thirty different dependencies.

The developers admit that the solution isn’t perfect; specifically, they indicate that the Rust-based DNS library is not yet well optimized for low-memory devices. One of the next major milestones will be reducing code size through modularity and selective compilation of sections of code.

From a technical standpoint, the integration is described as follows: Google chose to retain the C API for parsing DNS response packets, but implemented the parsing itself in Rust. The parse result is returned as a numeric value, and the parsed values are then passed into the existing in-memory structures through C APIs. This allows the new, more secure logic to be integrated with the existing legacy architecture without a complete rewrite of the underlying system.
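An added sketch of the boundary described above, not Google's code: a C-callable Rust function returns an integer status and hands each parsed answer to a C callback. The hand-written parser stands in for hickory-proto, and the status codes, the `AddrCb` callback type, the `store` helper and the sample packet are assumptions constructed for illustration.

```rust
use std::ffi::c_void;
pub const DNS_OK: i32 = 0; // status names and values are assumptions
pub const DNS_ERR_NULL: i32 = -1;
pub const DNS_ERR_MALFORMED: i32 = -2;
/// Stand-in for the C API that copies one IPv4 answer into legacy structures.
pub type AddrCb = extern "C" fn(ctx: *mut c_void, ipv4: u32);
pub static SAMPLE: [u8; 40] = [ // constructed response: "a.test" A 192.0.2.1
    0x12, 0x34, 0x81, 0x80, 0, 1, 0, 1, 0, 0, 0, 0, // header: QDCOUNT=1, ANCOUNT=1
    1, b'a', 4, b't', b'e', b's', b't', 0, 0, 1, 0, 1, // question: a.test IN A
    0xC0, 0x0C, 0, 1, 0, 1, 0, 0, 0, 60, 0, 4, 192, 0, 2, 1, // answer, RDLENGTH=4
];
fn be16(b: &[u8], off: usize) -> Option<u16> {
    b.get(off..off.checked_add(2)?).map(|s| u16::from_be_bytes([s[0], s[1]]))
}
// Step over an encoded name; `get` yields None instead of reading past the end.
fn skip_name(b: &[u8], mut off: usize) -> Option<usize> {
    loop {
        let len = *b.get(off)? as usize;
        if (len & 0xC0) == 0xC0 { return b.get(off + 1).map(|_| off + 2); } // pointer
        if len == 0 { return Some(off + 1); }
        off += 1 + len;
    }
}
// Safe core: skip the questions, then pass every 4-byte A record to `emit`.
fn parse(b: &[u8], emit: &mut dyn FnMut(u32)) -> Option<()> {
    let (qd, an, mut off) = (be16(b, 4)?, be16(b, 6)?, b.get(..12)?.len());
    for _ in 0..qd { off = skip_name(b, off)? + 4; b.get(..off)?; }
    for _ in 0..an {
        off = skip_name(b, off)?;
        let (rtype, rdlen) = (be16(b, off)?, be16(b, off + 8)? as usize);
        let rd = b.get(off + 10..off + 10 + rdlen)?;
        if rtype == 1 && rdlen == 4 { emit(u32::from_be_bytes([rd[0], rd[1], rd[2], rd[3]])); }
        off += 10 + rdlen;
    }
    Some(())
}
/// C-facing entry point (export with `no_mangle` when linking into C code).
pub extern "C" fn dns_parse_response(buf: *const u8, len: usize, cb: AddrCb, ctx: *mut c_void) -> i32 {
    if buf.is_null() { return DNS_ERR_NULL; }
    // SAFETY: the caller guarantees `buf` points to `len` readable bytes.
    let bytes = unsafe { std::slice::from_raw_parts(buf, len) };
    match parse(bytes, &mut |ip: u32| cb(ctx, ip)) { Some(()) => DNS_OK, None => DNS_ERR_MALFORMED }
}
extern "C" fn store(ctx: *mut c_void, ip: u32) { unsafe { (*(ctx as *mut Vec<u32>)).push(ip) } } // ctx: *mut Vec<u32>
fn main() {
    let mut v: Vec<u32> = Vec::new();
    let rc = dns_parse_response(SAMPLE.as_ptr(), SAMPLE.len(), store, &mut v as *mut _ as *mut c_void);
    println!("status={} answers={:x?}", rc, v);
}
```

A response whose RDLENGTH claims more bytes than the buffer holds comes back as `DNS_ERR_MALFORMED` rather than an out-of-bounds read, because every access goes through a checked slice lookup.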

Ultimately, Google is taking a fundamentally different approach to securing its software: instead of continually patching bugs after they occur, it is attempting to remove their root causes. If successful, we could reasonably anticipate seeing numerous other critical Android components being rewritten in Rust during the coming years.
