Smartphone security conversations usually revolve around the operating system. Android patches arrive each month. Apps get sandboxed. Users worry about malware. But one of the most sensitive pieces of software in any phone lives somewhere else entirely. The cellular modem.
Google recently published a technical deep dive explaining that the Pixel 10 modem firmware includes a Rust based DNS parser running inside the baseband. It might sound like an obscure engineering detail, but it touches one of the most dangerous attack surfaces in modern smartphones.
The baseband is responsible for communicating with cellular networks. It processes traffic coming directly from mobile carriers and surrounding infrastructure, often before Android itself ever sees that data. That means the modem ends up parsing large amounts of untrusted input coming from outside the device.
SEE ALSO: Canonical joins Rust Foundation
Google acknowledges the risk. The company says Pixel modem firmware contains tens of megabytes of executable code and exposes a large remote attack surface. In the past, researchers have demonstrated remote code execution attacks against smartphone basebands, sometimes triggered through network interactions alone.
That context explains why Google is experimenting with Rust inside the modem.
Rust has become popular in recent years because it prevents many of the memory safety problems that have plagued C and C++ software for decades. Bugs such as buffer overflows and use after free errors have historically been responsible for a large share of serious security vulnerabilities. Rust is designed to eliminate those categories of mistakes at the language level.
Rather than attempting a full rewrite of modem firmware, Google started with something smaller but important. DNS parsing.
Most people associate DNS with web browsing, but cellular networks rely on it for more than just loading websites. Even features such as call forwarding and certain network services depend on DNS queries behind the scenes. That means the modem has to process DNS responses coming from the network, which introduces the classic problem of parsing complex and potentially hostile data.
Google implemented the new parser using the Rust library hickory-proto, which is actively maintained and widely used in the Rust ecosystem. Engineers modified the project and several dependencies so the code could run in a bare metal firmware environment without the standard Rust library.
The Rust implementation adds about 371KB to the modem firmware image. That includes the parser itself, its dependencies, and the minimal runtime components required for Rust in this environment. According to Google, the Pixel modem is not especially constrained by memory, so the company prioritized security and code quality over aggressively shrinking the binary.
Integrating Rust into an existing C and C++ firmware stack was not completely straightforward.
The Pixel modem firmware already includes its own memory allocation system and crash handling infrastructure. Engineers wired Rust into those components so both languages share the same runtime behavior. The DNS parser exposes a C compatible interface so existing modem code can call it, while Rust callbacks pass parsed results back into the original C data structures.
Google engineers also discovered an unexpected performance issue during development. Rust compiler builtins replaced optimized modem implementations of functions such as memcpy and memset, which led to power and performance regressions in testing. The problem was eventually fixed by stripping those conflicting symbols during the build process.
The end result is that Pixel 10 devices already include Rust code running directly inside their modem firmware.
That does not mean the entire baseband has been rewritten. The change is focused on one component that handles complex network data. Still, it represents a notable step toward using memory safe languages in some of the most security sensitive parts of a smartphone.
Across the tech industry, companies are increasingly experimenting with Rust for low level systems code. Google has already introduced Rust into parts of Android, and now the Pixel modem firmware is getting its first piece of Rust as well.
For Pixel owners, the takeaway is straightforward. Some of the code responsible for parsing potentially hostile network data inside the modem is now written in a language designed to eliminate entire classes of memory safety bugs.
That will not eliminate vulnerabilities overnight. But when the attack surface involves something as sensitive as a cellular baseband, even small steps toward safer code are worth paying attention to.
