Mountain View, April 14, 2026, 06:10 PDT.
- Google has put a Rust-based DNS parser inside Pixel 10 modem firmware, the first memory-safe code to ship in a Pixel baseband.
- The shift targets memory-safety bugs in one of a phone’s most exposed layers, after past modem flaws let attackers compromise devices remotely with no user interaction.
- Pixel 10 extends a modem hardening push Google began with Pixel 9, which the company previously called its most hardened baseband to date.
Google has inserted a Rust-based Domain Name System, or DNS, parser into the modem firmware of its Pixel 10 phones, a quiet change that marks the first use of a memory-safe language inside a Pixel baseband. The move extends Google’s effort to replace risky pockets of legacy C and C++ code that can be prone to memory-safety bugs such as buffer overflows.
That matters now because the baseband — the low-level software that handles a phone’s connection to cellular networks — processes data from outside networks before most users ever tap the screen. Project Zero said in 2023 that four Exynos modem flaws could let an attacker compromise a phone at the baseband level with “no user interaction,” affecting devices from Google, Samsung and Vivo. Google Project Zero
Google has been tightening that layer for more than a year. In an October 2024 security post, Pixel engineers said the Pixel 9 had the “most hardened baseband we’ve shipped yet”; Pixel 10 goes further by replacing one exposed parser rather than only wrapping older code with extra defenses. Google Online Security Blog
Jiacheng Lu, a software engineer on the Google Pixel team, said the modem still contains “tens of Megabytes of executable code” and remains a complex remote attack surface. Google said the new parser “significantly reduces our security risk” because DNS, best known for routing internet traffic, is also used in cellular functions such as call forwarding and must parse untrusted data. Google Online Security Blog
Google said it chose the open-source hickory-proto library after weighing maintenance, test coverage and adoption in the Rust ecosystem, then modified it and its dependencies to run in a bare-metal firmware environment. In a September 2024 engineering post, Android team engineers Ivan Lozano and Dominik Maier said parsers that handle common protocols such as DNS are “good initial candidates” for Rust replacements because they ingest outside data. Google Online Security Blog
The change was not free. Google said the Rust code adds about 371 kilobytes to the modem image, including the library and core components, a size cost it judged acceptable on Pixel hardware, and engineers had to fix power and performance regressions after Rust support displaced modem-optimized memory functions during linking.
The competitive backdrop is real. Project Zero’s 2023 disclosure listed affected devices from Samsung’s Galaxy range, Vivo handsets and Google’s own Pixel 6 and Pixel 7 series, underscoring how modem flaws can cut across brands when underlying baseband code is shared or inherited.
There is a limit to what this fixes. Google is not rewriting the whole modem in Rust; its own post says the firmware is still “predominantly memory-unsafe,” suggesting other bugs in older components can still matter, and the company acknowledged the extra code size could be a blocker for more constrained embedded systems. Google Online Security Blog
Still, Google is framing this as groundwork, not a one-off patch. Lu said replacing one exposed parser is valuable on its own and lays the base for more memory-safe code in future modem components, while recent coverage has stressed that users are unlikely to notice any change in signal bars or download speeds even as the security model shifts underneath.
That incremental approach sits at the center of Google’s broader Rust strategy. In last year’s firmware guidance, the Android team argued that writing new low-level code in Rust and swapping in small replacements over time can reduce the number of vulnerabilities without waiting for a full modem rewrite.
