Google uses Rust for the Pixel 10 modems, and here’s why it’s important

Google strengthens the security of the Pixel 10 by addressing the vulnerable firmware of the cellular modem. Rather than rewriting decades of legacy code, the company has implemented a new DNS parser using Rust.

This solution prevents serious memory corruption errors while ensuring the necessary performance, marking a fundamental step toward protecting devices.

Google uses Rust to protect the Pixel 10

The security of modern smartphones faces increasingly complex challenges, and one of the components most exposed to attacks is often overlooked: the cellular baseband.

This hardware component, which manages radio communication and signal processing, effectively operates as an independent operating system.

Traditionally, modem firmware is written in languages such as C and C++ and consists of tens of megabytes of proprietary code that handles every critical aspect, from the complex management of the signal to the ongoing negotiation of protocols.

However, memory management in these environments is extremely problematic. The result is a firmware often vulnerable to structural errors, such as buffer overflows or the use of memory after the release.

These flaws potentially allow attackers to execute code remotely, bypassing entirely the defenses of the main operating system.

The Project Zero team has in fact demonstrated in the past how it is possible to compromise Exynos-based modems directly via Internet, cataloging over 20 vulnerabilities, of which 18 were classified as severe. Even fixing individual bugs, the intrinsic risk does not disappear, because the source code maintains a high level of complexity and exposure.

Real-time performance and the role of Rust

Completely rewriting this firmware using a memory-safe language is not a short-term viable solution. Component makers have spent decades building layers of code aligned with the 3GPP stringent specifications, treating much of this work as a tightly guarded industrial secret.

Moreover, modems must operate in real time, a requirement that has historically favored the use of C and C++ for their optimal performance. Alternative languages like Python or C#, based on automatic memory management known as garbage collection, would introduce latency spikes incompatible with the strict timing of radio networks.

Adopting Rust offers a brilliant alternative. This language guarantees memory safety directly at compile time through a strict ownership model, completely avoiding the use of a garbage collector.

In this way, an entire category of errors related to data corruption simply does not reach the execution phase, making Rust an ideal tool for those critical systems that require high speeds without compromising strict reliability guarantees.

Targeted integration into the DNS parser

Rather than attempting an impossible total rewrite, engineers have identified a well-defined and particularly exposed sub-system inside the modem: the processing of DNS requests. Since modern phone functionalities rely heavily on IP data networks, the DNS protocol has become a cornerstone for locating services and routing essential functions.

Parsers must continuously analyze packets coming from untrusted external sources and decode intricate instructions, which has made them a frequent source of security flaws in older implementations.

To effectively protect this access path, the Rust library named “hickory-proto“, widely tested and actively supported was chosen.

By removing dependencies from the standard library to meet the device’s space constraints, the new modules add about 371 kilobytes to the firmware’s total size.

Incoming requests are now handled and filtered by the new code before they can interact with the preexisting legacy paths.

Any attempt at cyber intrusion via malicious network packets encounters the structural blocks of the new language, marking a smart, methodological approach: progressively isolating the portions of software most at risk to drastically reduce the attack surface.