Google puts Rust DNS parser into Pixel 10 modem firmware

Google has pushed Rust into one of the most security-sensitive parts of a phone: the Pixel 10 cellular baseband. On April 10, the company said it replaced a C DNS parser in modem firmware with a memory-safe Rust version built on hickory-proto, turning a language choice into a concrete defense inside a remote attack surface that sits far below the app layer.

This was not a symbolic rewrite. The parser had to run without the standard library, so Google added no_std support to hickory-proto and the dependencies it relied on. That makes the Pixel 10 work a practical example of Rust crossing into bare-metal telecom firmware at consumer scale, not just landing in servers, tools, or higher-level Android components.

Google said it evaluated multiple DNS crates before settling on hickory-proto, pointing to its maintenance, broad adoption in the Rust community, and more than 75% test coverage. DNS was the obvious pressure point. Google cited CVE-2024-27227, published by Google Devices on March 11, 2024, as a reminder that a malicious DNS response can trigger out-of-bounds reads, writes, and other memory issues in unsafe code.

The company framed the move against the scale of the problem it is trying to shrink. Google described the modem baseband as containing tens of megabytes of executable code and said Project Zero’s remote code execution findings on Pixel modems helped motivate the effort. Project Zero had already shown multiple Internet-to-baseband remote RCE vulnerabilities affecting Pixel 6 and Pixel 7 in March 2023, a reminder that cellular firmware remains one of the most exposed parts of the device.

Pixel 10 also fits into a longer hardening campaign. Google said Pixel 9 shipped with mitigations against a range of memory-safety bugs, and in an October 3, 2024 modem post it called Pixel 9 its most hardened baseband yet. In December 2023, Google said remote baseband RCE is treated as CRITICAL in Android’s vulnerability guidance. The company’s September 4, 2024 firmware post laid out the broader playbook: use thin Rust shims to replace risky C functionality incrementally, rather than trying to rewrite entire codebases at once.

That is the real story here. Rust is no longer just a promise about safer software. In Pixel 10 modem firmware, it is a live replacement for vulnerable parsing code in a place where untrusted network traffic meets bare metal, and where one memory bug can become a full baseband compromise.