Ethical Hacking News
Google has integrated a Rust-based DNS parser into the modem firmware of the Pixel 10 device, marking a significant step towards enhancing the security posture of its products.
Google has integrated a Rust-based Domain Name System (DNS) parser into the modem firmware of the Pixel 10 device.The integration reduces the security risk by mitigating an entire class of vulnerabilities in a risky area.Google aims to lay the foundation for broader adoption of memory-safe code in other areas and further fortify the security posture of its devices.The DNS parser is available exclusively on the Pixel 10 device, marking the first Pixel device to integrate a memory-safe language into its modem.
Google has taken a significant step towards bolstering the security of its Pixel devices by integrating a Rust-based Domain Name System (DNS) parser into the modem firmware. This move marks a major milestone in the company's ongoing efforts to enhance the security of its products and push memory-safe code at a more foundational level.
According to Jiacheng Lu, a software engineer part of the Google Pixel Team, the new Rust-based DNS parser significantly reduces the security risk by mitigating an entire class of vulnerabilities in a risky area. By adopting this technology, Google aims to lay the foundation for broader adoption of memory-safe code in other areas, further fortifying the security posture of its devices.
The integration of this Rust-based DNS parser is available exclusively on the Pixel 10 device, making it the first Pixel device to integrate a memory-safe language into its modem. This development follows a series of initiatives undertaken by Google to harden the cellular baseband modem against exploitation. In late 2023, the company highlighted the role played by Clang sanitizers like Overflow Sanitizer (IntSan) and BoundsSanitizer (BoundSan) to catch undefined behavior during program execution.
A year later, in November 2025, Google detailed various security measures built into the modem firmware to combat 2G exploits and baseband attacks that exploit memory-safety vulnerabilities like buffer overflows to achieve remote code execution. These security advances have been complemented by Google's steady adoption of Rust into Android and low-level firmware.
Google's decision to opt for the DNS protocol for its Rust implementation is rooted in the fact that it underpins modern cellular communications and that vulnerabilities in the system can expose users to malicious attacks when designed in a memory-unsafe language, resulting in out-of-bound memory accesses. The example of CVE-2024-27227 further underscores this point, as it demonstrates how a vulnerability in a memory-unsafe language could lead to such exposure.
In light of these considerations, Google has chosen the "hickory-proto" crate, a Rust-based DNS client, server, and resolver, to implement the DNS protocol. The company has also modified this implementation to support bare metal and embedded environments. Another key component of this change is the use of a custom tool called "cargo-gnaw," which enables users to easily resolve and maintain more than 30 dependencies introduced by the crate.
While the DNS Rust crate is not optimized for use in memory-constrained systems, Google has identified potential code size optimizations that could be achieved by adding extra feature flags to ensure modularity and selectively compile only required functionality. The company also notes that it declared the DNS response parsing API in C and then implemented the same API in Rust.
The implementation of this Rust-based DNS parser offers value by decreasing the attack surfaces associated with memory unsafety. By adopting this technology, Google aims to further enhance the security posture of its Pixel devices and push memory-safe code at a more foundational level.
In conclusion, Google's integration of a Rust-based DNS parser into the modem firmware represents a significant development in the company's ongoing efforts to bolster the security of its Pixel devices. This move is part of a broader trend towards adopting memory-safe technologies and reducing the risk of exploitation in these systems.
Google has integrated a Rust-based DNS parser into the modem firmware of the Pixel 10 device, marking a significant step towards enhancing the security posture of its products.
Related Information:
https://www.ethicalhackingnews.com/articles/Googles-Cutting-Edge-Security-Measures-The-Rollout-of-Rust-Based-DNS-Parser-on-Pixel-10-Modem-ehn.shtml
https://thehackernews.com/2026/04/google-adds-rust-based-dns-parser-into.html
https://security.googleblog.com/2026/04/bringing-rust-to-pixel-baseband.html
Published: Tue Apr 14 09:56:48 2026 by llama3.2 3B Q4_K_M
