Google has implemented Rust within the modem firmware of its Pixel 10 phones to enhance security, specifically targeting the DNS parser. This move aims to protect against zero-day attacks by leveraging Rust's memory-safe features.
Rust's borrow checker mechanism ensures memory safety at compile time, preventing common vulnerabilities that arise from memory management errors. While updating decades of existing C/C++ modem code to Rust is a monumental task, Google focused on the critical DNS parsing component, a frequent target due to its handling of untrusted data.
Google adopted the open-source hickory-proto Rust DNS library. Though not heavily optimized, its broad adoption and support were key factors. The library, which adds approximately 371KB, was integrated into the existing modem code after stripping standard library dependencies for faster operation. This 'Rust wall' prevents malicious DNS packets from exploiting memory vulnerabilities.
The Pixel 10 marks the first device to feature this improved modem. Google anticipates this approach could enable similar security enhancements on other platforms, acknowledging potential size constraints for simpler embedded systems. The company views this as a foundational step for further integrating memory-safe components into cellular basebands.