Google Adds Rust-Based DNS Parser to Pixel 10 Modem to Improve Security

Google has announced the integration of a Rust-based Domain Name System (DNS) parser into modem firmware as part of its ongoing efforts to strengthen the security of Pixel devices and push memory-safe code at a more foundational level.
“The new Rust-based DNS resolver significantly reduces our security risk by reducing an entire class of vulnerabilities in a vulnerable environment, while laying the foundation for wider adoption of memory-safe code elsewhere,” said Jiacheng Lu, software engineer for the Google Pixel team.
The security boost from the Rust integration is available on Pixel 10 devices, making it the first Pixel device to integrate a memory-safe language into its modem.
The move builds on a series of initiatives the tech giant has taken to harden its cellular baseband modem against exploitation. In late 2023, it highlighted the role played by Clang's sanitizers such as Integer Overflow Sanitizer (IntSan) and BoundsSanitizer (BoundSan) in catching undefined behavior at runtime.
A year later, it also detailed various security measures built into the modem's firmware to combat 2G exploits and baseband attacks that exploit memory-safety vulnerabilities such as buffer overflows for remote code execution.
These security improvements coincided with Google's continued adoption of Rust in Android and lower-level firmware. In November 2025, the company revealed that the number of memory safety vulnerabilities had fallen to less than 20% of the total vulnerabilities discovered in the mobile operating system last year.
Google said it chose the DNS protocol for its Rust implementation because it underpins modern cellular communications and because vulnerabilities in DNS handling could expose users to malicious attacks when it is implemented in a memory-unsafe language, leading to out-of-bounds memory accesses, as in the case of CVE-2024-27227.
“With the evolution of mobile technology, modern mobile communications have moved to digital data networks; as a result, even basic functions such as telephone forwarding depend on DNS services,” he added. “Using a DNS attacker in Rust provides value by reducing attack surfaces associated with in-memory vulnerabilities.”
To do that, Google chose the "hickory-proto" crate, a Rust-based DNS client, server, and resolver, to implement the protocol, while modifying it to support bare-metal and embedded environments. Another important part of this change is the use of a custom tool called "cargo-gnaw" to resolve and maintain the more than 30 dependencies introduced by the crate.
The company also noted that the Rust DNS crate is not optimized for use in memory-constrained systems, and that code size could be reduced by adding feature flags so that the crate is modular and only the necessary functionality is compiled in.
“In the DNS parser, we declared a DNS partitioning API in C and implemented the same API in Rust,” Google said. “The Rust function returns an integer error code. The DNS responses received from the DNS response are required to be updated into memory data structures corresponding to the original C implementation; therefore, we use existing C functions to do it. Existing C functions are exported from the Rust implementation.”
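The design described above (a C-facing API implemented in Rust that returns an integer error code and hands results back through a C function), together with the out-of-bounds class mentioned earlier, sketched as an added example that is not Google's code. All function names and error codes are hypothetical, and the message bytes are a constructed sample.

```rust
// Added example: error codes and function names are hypothetical, not Google's API.
pub const DNS_OK: i32 = 0;
pub const DNS_ERR_TRUNCATED: i32 = -1;
pub const DNS_ERR_BAD_LABEL: i32 = -2;
pub const DNS_ERR_POINTER_LOOP: i32 = -3;

/// Decode the name at `pos`, following compression pointers. Every read goes
/// through `get()`, so a hostile length or offset becomes an error code.
pub fn read_name(msg: &[u8], mut pos: usize) -> Result<String, i32> {
    let (mut name, mut jumps) = (String::new(), 0);
    loop {
        let len = *msg.get(pos).ok_or(DNS_ERR_TRUNCATED)? as usize;
        match len & 0xC0 {
            0x00 if len == 0 => return Ok(name), // root label ends the name
            0x00 => {
                let label = msg.get(pos + 1..pos + 1 + len).ok_or(DNS_ERR_TRUNCATED)?;
                if !name.is_empty() { name.push('.'); }
                name.push_str(&String::from_utf8_lossy(label));
                pos += 1 + len;
            }
            0xC0 => { // compression pointer: 14-bit offset from message start
                let lo = *msg.get(pos + 1).ok_or(DNS_ERR_TRUNCATED)? as usize;
                jumps += 1;
                if jumps > 16 { return Err(DNS_ERR_POINTER_LOOP); }
                pos = ((len & 0x3F) << 8) | lo;
            }
            _ => return Err(DNS_ERR_BAD_LABEL), // reserved 0x40 / 0x80 label types
        }
    }
}

/// C-ABI entry point (a real export would also be marked `no_mangle`): returns
/// an integer status and hands the first question name to a C callback.
pub extern "C" fn dns_first_question(buf: *const u8, len: usize,
                                     on_name: extern "C" fn(*const u8, usize)) -> i32 {
    if buf.is_null() || len < 12 { return DNS_ERR_TRUNCATED; } // 12-byte header
    // SAFETY: the caller guarantees `buf` points to `len` readable bytes.
    let msg = unsafe { std::slice::from_raw_parts(buf, len) };
    read_name(msg, 12)
        .map_or_else(|e| e, |n| { on_name(n.as_ptr(), n.len()); DNS_OK })
}

/// Constructed sample: header, question "example.com", then a pointer to it.
pub fn sample() -> Vec<u8> {
    [&[0u8; 12][..], &b"\x07example\x03com\x00\x00\x01\x00\x01\xC0\x0C"[..]].concat()
}

fn main() { println!("{:?}", read_name(&sample(), 12)); }
```

A truncated buffer, a self-referencing compression pointer, or a reserved label type each comes back as a negative status instead of a read past the end of the message.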



