{"id":595,"date":"2026-04-14T15:00:59","date_gmt":"2026-04-14T15:00:59","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=595"},"modified":"2026-04-14T15:00:59","modified_gmt":"2026-04-14T15:00:59","slug":"google-adds-rust-based-dns-parser-into-pixel-10-modem-to-enhance-security","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=595","title":{"rendered":"Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security"},"content":{"rendered":"<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">Apr 14, 2026<\/span><\/span><span class=\"p-tags\">Mobile Security \/ Network Security<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a href=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjblrgfLU8m4awyQDEqyzwguow-RuCp4UH1k5DBkrUrP87A7tsEQPPaLD_D9M4VXF5mSNrmp1eurx_QW-nVjM1nNnkyEIFyFiry3nxE0Wq3xrT0L06S6B11rEHcWzB7q78RRQySSxwLAVIncgqO5qhtY6b0A_LzYF8wtvH94G_TLQEn8UIivqrJNkH88Nf7\/s1700-e365\/android-rust.jpg\" style=\"display: block;  text-align: center; clear: left; float: left;\"><\/a><\/div>\n<p>Google has announced the integration of a Rust-based Domain Name System (DNS) parser into the modem firmware as part of its ongoing efforts to beef up the security of Pixel devices and push memory-safe code at a more foundational\u00a0level.<\/p>\n<p>\u00abThe new Rust-based DNS parser significantly reduces our security risk by mitigating an entire class of vulnerabilities in a risky area, while also laying the foundation for broader adoption of memory-safe code in other areas,\u00bb Jiacheng Lu, a software engineer part of the Google Pixel\u00a0Team, <a href=\"https:\/\/security.googleblog.com\/2026\/04\/bringing-rust-to-pixel-baseband.html\">said<\/a>.<\/p>\n<p>The security boost via Rust integration is available for Pixel 10 devices, making it the first Pixel device to integrate a memory-safe language into its\u00a0modem.<\/p>\n<p>The move builds upon a series of initiatives the tech giant has taken to harden the cellular baseband modem against exploitation. In late 2023,\u00a0it highlighted the\u00a0role played\u00a0by Clang sanitizers like Overflow Sanitizer (IntSan) and BoundsSanitizer (BoundSan) to\u00a0catch undefined behavior during program execution.<\/p>\n<div class=\"dog_two clear\">\n<div class=\"cf\"><a href=\"https:\/\/thehackernews.uk\/vpn-risk-report-inside-d\" rel=\"nofollow noopener sponsored\" target=\"_blank\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"Cybersecurity\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgWajeG0cdaapf1GKTZRUZUB7BzuYGegyw5k0eAorJXlmkFdYCCeLXXhXYJuXU9lWD33rV6rRnIyly3czoNfYifpxk1eGA5slItPmim3HkubXoQMgC4J7hdQPywxGbWq7Eqeff_o6s2Fq-WmSFd5guwdLn7IqpveMqULqtVnd-ndnljWYGj45EkMFB7m0qm\/s728-e100\/z-d.jpg\" width=\"729\" height=\"91\"\/><\/a><\/div>\n<\/div>\n<p>A year later, it\u00a0also detailed the various security measures built into the modem firmware to combat 2G exploits and baseband attacks that exploit memory-safety vulnerabilities like buffer overflows to achieve remote code execution.<\/p>\n<p>These security advances\u00a0have been complemented by Google&#8217;s steady adoption of Rust\u00a0into Android\u00a0and <a href=\"https:\/\/security.googleblog.com\/2024\/09\/deploying-rust-in-existing-firmware.html\">low-level\u00a0firmware<\/a>. In November 2025, the\u00a0company revealed that the number\u00a0of memory\u00a0safety vulnerabilities fell below 20% of total vulnerabilities discovered in the mobile operating system last\u00a0year.<\/p>\n<p>Google said it opted for the DNS protocol for its Rust implementation owing to the fact\u00a0that it underpins modern cellular communications\u00a0and that vulnerabilities in the system can expose users to malicious attacks\u00a0when designed in a memory-unsafe language, resulting\u00a0in out-of-bound memory accesses, as in the case\u00a0of <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2024-27227\">CVE-2024-27227<\/a>.<\/p>\n<p>\u00abWith the evolution of cellular technology, modern cellular communications have migrated to digital data networks; consequently, even basic operations such as call forwarding rely on DNS services,\u00bb it added. \u00abImplementing the DNS parser in Rust offers value by decreasing the attack surfaces associated with memory unsafety.\u00bb<\/p>\n<p>To that end, Google has chosen the\u00a0\u00ab<a href=\"https:\/\/crates.io\/crates\/hickory-proto\">hickory-proto<\/a>\u00bb crate,\u00a0a <a href=\"https:\/\/github.com\/hickory-dns\/hickory-dns\">Rust-based DNS client, server, and\u00a0resolver<\/a>, to implement the protocol, while modifying it to support bare metal and embedded environments. Another important component of this change is the use of a custom\u00a0tool called\u00a0\u00ab<a href=\"https:\/\/fuchsia.googlesource.com\/fuchsia\/+\/master\/tools\/cargo-gnaw\/\">cargo-gnaw<\/a>\u00bb to easily resolve and maintain more than 30 dependencies introduced by the\u00a0crate.<\/p>\n<div class=\"dog_two clear\">\n<div class=\"cf\"><a href=\"https:\/\/thehackernews.uk\/fast-response-not-fast-d\" rel=\"nofollow noopener sponsored\" target=\"_blank\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"Cybersecurity\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjgi9mu68zRUz1nCLLKmkAA2aBtNfP_JOTXulZoB6yImso1Onk7oM_LI0kdROu8fq5S5oDyMtd1j50W44Ye_8Sl3zQZiE8A9tmFr6kejGKjGh74uoxluF-RyBq_unDQlzjXZHCqQeuYXBoogda5zf0w-zXd6v0rIM7fEw6TcFf_QGWBu5Mop-djkEaOUa5A\/s728-e100\/tl-d.jpg\" width=\"729\" height=\"91\"\/><\/a><\/div>\n<\/div>\n<p>The internet company also noted that the DNS Rust\u00a0crate is not\u00a0optimized for use in memory-constrained systems, and that one\u00a0possible code\u00a0size optimization could be achieved by adding extra feature flags to ensure modularity and selectively compile only required functionality.<\/p>\n<p>\u00abFor the DNS parser, we declared the DNS response parsing API in C and then implemented the same API in Rust,\u00bb Google said. \u00abThe Rust function returns an integer standing for the error\u00a0code. The received DNS answers in\u00a0the DNS\u00a0response are required\u00a0tobe\u00a0updated to in-memory data structures\u00a0that are\u00a0coupled with the original C implementation;therefore, we use existing C functions to\u00a0do it. The existing C\u00a0functions are dispatched from the Rust implementation.\u00bb<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>\ue804Ravie Lakshmanan\ue802Apr 14, 2026Mobile Security \/ Network Security Google has announced the integration of a Rust-based Domain Name System (DNS) parser into the modem firmware as part of its ongoing&hellip;<\/p>\n","protected":false},"author":1,"featured_media":596,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[200,1112,1217,2,1216,1214,1215,638,47],"class_list":["post-595","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-adds","tag-dns","tag-enhance","tag-google","tag-modem","tag-parser","tag-pixel","tag-rustbased","tag-security"],"_links":{"self":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/595","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=595"}],"version-history":[{"count":0,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/595\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/media\/596"}],"wp:attachment":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=595"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=595"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=595"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}