Google has announced the integration of a Rust-based Domain Name System (DNS) parser into the modem firmware as part of its ongoing efforts to beef up the security of Pixel devices and push memory-safe code at a more foundational level.
“The new Rust-based DNS parser significantly reduces our security risk by mitigating an entire class of vulnerabilities in a risky area, while also laying the foundation for broader adoption of memory-safe code in other areas,” Jiacheng Lu, a software engineer part of the Google Pixel Team, said.
The security boost via Rust integration is available for Pixel 10 devices, making it the first Pixel device to integrate a memory-safe language into its modem.
The move builds upon a series of initiatives the tech giant has taken to harden the cellular baseband modem against exploitation. In late 2023, it highlighted the role played by Clang sanitizers like Overflow Sanitizer (IntSan) and BoundsSanitizer (BoundSan) to catch undefined behavior during program execution.
A year later, it also detailed the various security measures built into the modem firmware to combat 2G exploits and baseband attacks that exploit memory-safety vulnerabilities like buffer overflows to achieve remote code execution.
These security advances have been complemented by Google’s steady adoption of Rust into Android and low-level firmware. In November 2025, the company revealed that the number of memory safety vulnerabilities fell below 20% of total vulnerabilities discovered in the mobile operating system last year.
Google said it opted for the DNS protocol for its Rust implementation owing to the fact that it underpins modern cellular communications and that vulnerabilities in the system can expose users to malicious attacks when designed in a memory-unsafe language, resulting in out-of-bound memory accesses, as in the case of CVE-2024-27227.
“With the evolution of cellular technology, modern cellular communications have migrated to digital data networks; consequently, even basic operations such as call forwarding rely on DNS services,” it added. “Implementing the DNS parser in Rust offers value by decreasing the attack surfaces associated with memory unsafety.”
To that end, Google has chosen the “hickory-proto” crate, a Rust-based DNS client, server, and resolver, to implement the protocol, while modifying it to support bare metal and embedded environments. Another important component of this change is the use of a custom tool called “cargo-gnaw” to easily resolve and maintain more than 30 dependencies introduced by the crate.
The internet company also noted that the DNS Rust crate is not optimized for use in memory-constrained systems, and that one possible code size optimization could be achieved by adding extra feature flags to ensure modularity and selectively compile only required functionality.
“For the DNS parser, we declared the DNS response parsing API in C and then implemented the same API in Rust,” Google said. “The Rust function returns an integer standing for the error code. The received DNS answers in the DNS response are required tobe updated to in-memory data structures that are coupled with the original C implementation;therefore, we use existing C functions to do it. The existing C functions are dispatched from the Rust implementation.”
