New Google DNS Parser in Pixel 10 Modem

  • #1949
    Rameses Quiambao
    Participant

    Summary

    Google has introduced a Rust-based DNS parser into the modem firmware of its upcoming Pixel 10 devices to improve security and reduce memory-related vulnerabilities.

    This marks a major step in adopting memory-safe programming at a deeper system level, particularly within the cellular baseband — a traditionally high-risk attack surface.

    Key highlights:
    • First Pixel device to integrate Rust directly into modem firmware
    • Focus on reducing memory safety vulnerabilities
    • Targets DNS processing, a critical component of network communication

    Research Source

    According to Google’s Pixel security engineering team, the move is part of a broader initiative to minimize memory-related vulnerabilities, which historically account for a large portion of security flaws in low-level systems.

    Google reported that memory safety issues dropped to below 20% of total Android vulnerabilities in 2025, reflecting the effectiveness of adopting Rust and similar protections.

    Technical Details

    The implementation focuses on replacing parts of the DNS parsing logic with Rust.

    Key technical points:
    • Uses the “hickory-proto” Rust DNS crate
    • Modified for embedded and modem environments
    • Integrated with existing C-based systems
    • Introduces cargo-gnaw tool to manage dependencies

    How it works:
    • DNS response parsing is handled in Rust
    • Results are passed back to existing C structures
    • Ensures compatibility while improving safety

    Security improvements:
    • Prevents buffer overflows
    • Reduces out-of-bounds memory access
    • Mitigates risk of remote code execution (RCE) in baseband

    Observed Security Improvements

    Memory Safety
    • Eliminates common vulnerabilities caused by unsafe memory handling

    Reduced Attack Surface
    • Secures DNS layer used in cellular communication

    Baseband Hardening
    • Strengthens one of the most sensitive components in mobile devices

    Secure-by-Design Approach
    • Moves security earlier into development lifecycle

    Impact

    This change significantly improves the security posture of Pixel devices:

    • Reduces likelihood of baseband exploitation
    • Protects users from network-level attacks
    • Limits attacker ability to exploit DNS-related flaws
    • Sets a precedent for secure firmware development

    For the industry:
    • Encourages adoption of memory-safe languages like Rust
    • Signals a shift toward secure low-level system design
    • Raises baseline expectations for mobile device security

    Recommendations

    For organizations and developers:

    • Adopt memory-safe languages (e.g., Rust) where possible
    • Prioritize security in low-level components (firmware, drivers)
    • Audit legacy C/C++ code handling network inputs
    • Implement secure parsing mechanisms for protocols like DNS
    • Continuously monitor for memory-related vulnerabilities

    While not an active threat, this development highlights:

    • The importance of memory safety in preventing exploits
    • The need to monitor baseband and firmware attack surfaces
    • A growing trend toward secure-by-design architecture

    References
    https://thehackernews.com/2026/04/google-adds-rust-based-dns-parser-into.html
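
The flow listed under "How it works" (DNS response data parsed in Rust, result handed to an existing C structure) can be sketched as follows. This is an added example, not part of the original post, and it is neither Google's firmware code nor the hickory-proto API; `CDnsName`, `ParseError`, `parse_name` and `MAX_NAME` are hypothetical names, and the sample message is constructed.

```rust
// Added illustration: not Google's modem code and not hickory-proto's API.
// CDnsName, ParseError, parse_name and MAX_NAME are hypothetical names.
const MAX_NAME: usize = 255; // RFC 1035 caps a domain name at 255 octets

/// Fixed-size, C-compatible result, standing in for an existing C structure.
#[repr(C)]
pub struct CDnsName { pub len: u8, pub bytes: [u8; MAX_NAME] }

#[derive(Debug, PartialEq)]
pub enum ParseError { Truncated, BadLabel, PointerLoop, TooLong }

/// Decode the (possibly compressed) name at `pos` in `msg` into `out`.
/// Every read goes through `get`, so a hostile length or pointer becomes an
/// error value instead of an out-of-bounds access.
pub fn parse_name(msg: &[u8], mut pos: usize, out: &mut CDnsName) -> Result<(), ParseError> {
    let (mut n, mut jumps) = (0usize, 0u32);
    loop {
        let len = *msg.get(pos).ok_or(ParseError::Truncated)? as usize;
        if len == 0 {
            break; // root label: end of name
        } else if (len & 0xC0) == 0xC0 {
            // Compression pointer: 14-bit offset; cap the hops to stop loops.
            let lo = *msg.get(pos + 1).ok_or(ParseError::Truncated)? as usize;
            jumps += 1;
            if jumps > 16 { return Err(ParseError::PointerLoop); }
            pos = ((len & 0x3F) << 8) | lo;
        } else if len > 63 {
            return Err(ParseError::BadLabel); // reserved 0x40/0x80 label types
        } else {
            let label = msg.get(pos + 1..pos + 1 + len).ok_or(ParseError::Truncated)?;
            if n + len + 1 > MAX_NAME { return Err(ParseError::TooLong); }
            if n > 0 { out.bytes[n] = b'.'; n += 1; }
            out.bytes[n..n + len].copy_from_slice(label);
            n += len;
            pos += 1 + len;
        }
    }
    out.len = n as u8; // n <= 255 is guaranteed by the TooLong check
    Ok(())
}

fn main() {
    // Constructed sample: "example.com" at offset 0, then "www" + pointer to 0.
    let msg = b"\x07example\x03com\x00\x03www\xC0\x00";
    let mut out = CDnsName { len: 0, bytes: [0; MAX_NAME] };
    parse_name(msg, 13, &mut out).unwrap();
    println!("{}", String::from_utf8_lossy(&out.bytes[..out.len as usize]));
}
```

The length byte and the compression pointer are the two attacker-controlled values in a name; in this sketch both can only produce an `Err`, never a write past `bytes`.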
