Ddos 
In a significant leap for mobile hardware security, the Google Pixel Team has revealed that the Pixel 10 series will be the first to integrate memory-safe code directly into its cellular baseband modem. By incorporating a DNS parser written in Rust, Google aims to eliminate an entire class of vulnerabilities in one of the device’s most sensitive and complex components.
The cellular modem is a critical yet often overlooked piece of a smartphone’s security architecture. Modern modems contain tens of megabytes of executable code and are responsible for processing vast amounts of untrusted data from cellular networks. Historically, this firmware has been written in memory-unsafe languages like C and C++, leaving it open to remote exploitation.
Google noted the urgency of this shift, stating, “Given the complexity and remote attack surface of the modem, other critical memory safety vulnerabilities may remain in the predominantly memory-unsafe firmware code”. The team pointed to previous research where remote code execution was achieved on modems over the internet as a primary motivator for this proactive hardening.
While DNS is often associated with web browsers, it is foundational to modern cellular connectivity. As networks have migrated to digital data, even basic tasks like call forwarding now rely on DNS services.
However, parsing DNS data is inherently risky. The team explained that “DNS is a complex protocol and requires parsing of untrusted data, which can lead to vulnerabilities, particularly when implemented in a memory-unsafe language”. By replacing the legacy parser with one built in Rust, Google can mitigate risks like buffer overflows and use-after-free errors before they can be weaponized.
Integrating a modern language like Rust into a specialized, “bare-metal” environment like a modem required significant engineering effort.
The team selected the hickory-proto crate for its excellent maintenance and community adoption. However, it lacked the no_std support required for the modem’s environment. Google engineers performed the “mostly mechanical” work to enable no_std for the library and its dependencies, contributing those improvements back to the open-source community.
To avoid symbol conflicts and ensure scalability, the team integrated Rust directly into their existing Pigweed-based build system rather than using a pre-compiled static library.
The process was not without its snags. During testing, the team discovered unexpected performance regressions. Upon analysis, they realized that optimized system functions like memset and memcpy were being accidentally replaced by weaker versions within the Rust compiler. This was resolved by stripping specific crates before the final linking step.
The move to Rust in the Pixel 10 modem represents a “pivotal moment” for the device line. Beyond simply fixing a single parser, the project has established the necessary toolchains and expertise to migrate more of the modem’s attack surface to memory-safe languages in the future.
As the Google Pixel Team concluded, “While replacing one piece of risky attack surface is itself valuable, this project lays the foundation for future integration of memory-safe parsers and code into the cellular baseband”. For users, this means a more resilient device that is secured from the ground up, starting with the very signals it uses to connect to the world.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
