Google Integrates Rust-Based DNS Parser into Pixel 10 Modem Firmware to Strengthen Mobile Security

Publication Date: April 2026

Google has taken a pioneering step in mobile device security by integrating a Rust-based DNS parser into the modem firmware of the Pixel 10 series. This move addresses longstanding vulnerabilities in cellular baseband software, which has historically been a target for sophisticated attackers. By leveraging the memory safety guarantees of Rust, Google aims to significantly reduce the risk of remote code execution and buffer overflow attacks that have plagued modem firmware written in C and C++. This report provides a comprehensive analysis of the technical, practical, and cybersecurity implications of this innovation, offering insights for both technical professionals and executive decision-makers.

The core of Google’s innovation lies in embedding a DNS parser, implemented with the open-source hickory-proto Rust library, directly into the Pixel 10 modem’s firmware. DNS parsing is a critical function, as modern cellular communications—including features like call forwarding—depend on DNS services. The hickory-proto library was adapted to operate in a bare-metal, no_std Rust environment, making it suitable for resource-constrained modem firmware.

Rather than rewriting the entire modem stack, Google integrated the Rust-based parser into the existing C/C++ codebase using Foreign Function Interface (FFI) techniques. This hybrid approach allows the DNS parsing logic to benefit from Rust’s compile-time memory safety, while maintaining compatibility with legacy code. The integration required significant adaptation, including the addition of no_std support to hickory-proto and its dependencies, and the use of tools like cargo-gnaw to manage over 30 Rust crates. The total added code size is approximately 371KB, a manageable increase for the Pixel 10 platform.

The most significant innovation is the use of Rust—a memory-safe language—in a domain traditionally dominated by memory-unsafe languages like C and C++. Rust’s borrow checker and strict compile-time checks prevent entire classes of vulnerabilities, such as buffer overflows and memory leaks, which have been the root cause of many modem exploits. By isolating DNS parsing in Rust, Google has created a robust barrier against attacks that exploit memory management errors.

This approach is notable for its incremental modernization: rather than a costly and risky full rewrite, Google “shoehorned” the Rust component into the existing firmware. This demonstrates the feasibility of introducing memory-safe code into legacy systems, setting a precedent for other vendors and industries.

The integration of a Rust-based DNS parser directly addresses memory safety vulnerabilities that have historically plagued modem firmware. Previous research by Google Project Zero and others has shown that attackers can achieve remote code execution on modems by exploiting flaws in DNS parsing. By moving this critical function into a memory-safe environment, Google has significantly reduced the risk of exploitation via malicious DNS packets.

However, the modem firmware remains a hybrid of memory-safe and unsafe code. While the attack surface for DNS parsing is greatly reduced, other components of the firmware may still be vulnerable. Additionally, the reliance on third-party Rust crates introduces new supply chain risks, as the security and maintenance of these dependencies become part of the overall risk profile.

Google selected the hickory-proto Rust library for its strong community support, active maintenance, and comprehensive test coverage. The integration process required adapting the library and its dependencies for no_std operation, and managing the build process to include only the necessary components. Tools like cargo-gnaw were used to streamline dependency management, but this also means that the security of over 30 third-party crates must be continuously monitored.

This shift highlights the growing importance of supply chain security in firmware development. The security posture of the Pixel 10 modem now depends not only on Google’s internal practices, but also on the broader open-source ecosystem.

The Rust DNS parser is compiled and linked into the modem firmware with strict controls on memory allocation and crash handling, unified across Rust and C/C++ via FFI. The build system, adapted using Pigweed and cargo-gnaw, ensures that only the necessary components are included, minimizing the attack surface. During integration, Google encountered and resolved issues such as symbol collisions and performance regressions, demonstrating robust internal security and quality assurance processes.

These controls are essential for meeting compliance requirements and industry best practices, particularly as regulators and customers demand higher assurance for device and supply chain security.

The Pixel 10 is the first major smartphone to ship with a memory-safe language component in its modem firmware. While the added code size is acceptable for Pixel devices, it may pose challenges for more resource-constrained embedded systems. Google has indicated that further modularization of the Rust library could facilitate broader adoption across the industry.

The integration process required significant adaptation of build systems and careful management of cross-language interfaces, highlighting the technical challenges of modernizing legacy firmware. Nonetheless, Google’s success demonstrates that incremental adoption of memory-safe languages is both feasible and beneficial.

Google has a strong track record in proactive vulnerability research and transparent security practices, exemplified by initiatives like Project Zero. The company’s approach to integrating Rust into the Pixel 10 modem reflects a commitment to modern secure development practices, open-source collaboration, and upstream contributions to dependencies. This positions Google as a leader in secure firmware development and sets a benchmark for the industry.

The DNS parser is implemented using the hickory-proto Rust library, adapted for a no_std environment suitable for bare-metal firmware. The total added code size, including dependencies, is 371KB. The parser is integrated with existing C/C++ modem firmware via FFI, with the build system adapted using Pigweed and cargo-gnaw. Memory allocation and crash handling are unified across Rust and C/C++ components, ensuring consistent and secure operation.

“The new Rust-based DNS parser significantly reduces our security risk by mitigating an entire class of vulnerabilities in a risky area, while also laying the foundation for broader adoption of memory-safe code in other areas.” Source: Google Online Security Blog

“Modern smartphone operating systems have myriad systems in place to improve security, but none of that helps when attackers target the modem. Google’s Project Zero team has shown it’s possible to get remote code execution on Pixel phone modems over the Internet, which prompted Google to reevaluate how it secures this vital, low-level system. The solution wasn’t to rewrite modem software but rather to shoehorn a safer Rust-based component into the Pixel 10 modem.” Source: Ars Technica

“Google chose an open source DNS library called hickory-proto and adapted it for use in modem firmware. The modem environment requires Rust code to run without the standard library, using a setup known as no_std. The added code increases the firmware size by about 371 KB, including the DNS library, its dependencies, and required Rust components. This was considered acceptable for Pixel devices.” Source: Help Net Security

“DNS is a complex protocol and requires parsing of untrusted data, which can lead to vulnerabilities, particularly when implemented in a memory-unsafe language (example: CVE-2024-27227). Implementing the DNS parser in Rust offers value by decreasing the attack surfaces associated with memory unsafety.” Source: Google Online Security Blog

“Under this system, any attempt to trigger a vulnerability by manipulating memory runs into the Rust wall—it can’t be affected by malicious DNS packets. The Pixel 10 phones are the first to ship with this safer modem implementation. Google hopes this work will allow other platforms to make similar improvements, but the company notes the size of its chosen Rust library could be a problem for simpler embedded systems.” Source: Ars Technica

From a cybersecurity standpoint, Google’s integration of Rust into the Pixel 10 modem represents a major advancement in reducing the attack surface of one of the most critical and historically vulnerable components in mobile devices. Attackers have long targeted modem firmware due to its complexity, legacy code, and exposure to untrusted data. By isolating DNS parsing in a memory-safe environment, Google has effectively blocked a common vector for remote code execution and buffer overflow attacks.

For defenders, this sets a new industry benchmark for secure firmware development and demonstrates the feasibility of incrementally modernizing legacy systems with memory-safe components. The bar for attackers is now significantly higher, as exploiting DNS parsing in the Pixel 10 modem is substantially more difficult, forcing adversaries to seek other, potentially more complex, vulnerabilities.

From a market perspective, this move may accelerate industry adoption of Rust and other memory-safe languages in embedded and firmware contexts, especially as regulators and customers demand higher assurance for supply chain and device security. However, the reliance on third-party open-source crates introduces new supply chain risks, requiring ongoing vigilance in dependency management and vulnerability monitoring.

As organizations increasingly rely on third-party software components and open-source libraries, managing supply chain risk becomes more critical than ever. Rescana’s Third-Party Risk Management (TPRM) solutions help you identify, assess, and monitor the security posture of your vendors and software dependencies. Our platform provides continuous risk assessment, automated compliance checks, and actionable insights to ensure your organization remains resilient against emerging threats—whether you’re integrating new technologies or managing a complex ecosystem of suppliers. Let Rescana help you secure your supply chain and stay ahead of evolving cyber risks.

We are happy to answer any questions at ops@rescana.com.

• Active Exploitation Alert