Google Uses Rust in Pixel 10 Modem Firmware to Eliminate Memory-Safety Bugs

Google has taken a major step toward strengthening smartphone security by integrating the Rust programming language into the cellular baseband firmware of its new Pixel 10 devices.

The move, officially detailed in a Google Online Security Blog post on April 10, 2026, replaces the modem’s legacy Domain Name System (DNS) parser with a Rust-based alternative to eliminate memory-safety vulnerabilities.

Reinforcing Baseband Security

The cellular modem represents one of the most sensitive components inside any smartphone, constantly interacting with external cellular networks and exposing a vast remote attack surface.

Over recent years, Google’s own Project Zero researchers have demonstrated remote code execution (RCE) attacks on Pixel modems triggered solely through malicious radio signals or SMS messages requiring no user action.

By porting critical firmware sections to Rust, Google aims to neutralize entire classes of memory-safety issues like buffer overflows that attackers frequently exploit to gain unauthorized access.

This strategic shift directly enhances the modem’s resistance to zero‑day exploits targeting device connectivity and data integrity.

Though DNS is commonly linked to web activity, modern telephony heavily relies on it for functions such as call forwarding and network registration.

Because DNS parsing requires continuous handling of untrusted data, it has historically served as a gateway for serious vulnerabilities, including memory corruption bugs like CVE‑2024‑27227 found in older firmware code written in C or C++.

To strengthen this weak spot, Google’s Pixel team adopted Rust’s hickory‑proto crate, tailoring it for the modem’s bare‑metal environment.

Key technical changes include:

• Bare‑metal adaptation: The hickory‑proto library was converted to operate without Rust’s standard library (no_std), enabling compatibility with embedded systems.
• Memory management integration: Engineers linked Rust’s allocator to existing C‑based memory APIs via Foreign Function Interface (FFI) design.
• Unified crash handling: Pigweed crash reporting was extended to Rust’s panic handler, streamlining diagnostics across mixed C, C++, and Rust components.

The new Rust implementation increases the modem firmware footprint by roughly 371 KB, including libraries, shims, and reusable modules.

However, this modest size trade‑off was acceptable for Pixel 10, which is not memory‑constrained.

Google prioritized code quality, maintainability, and long‑term security resilience over compactness, ensuring the Rust components link seamlessly within the legacy build system.

This milestone marks the first time a memory‑safe language has been directly embedded into a commercial smartphone modem.

While the DNS parser replacement is only an initial phase, it signals the beginning of Google’s broader plan to migrate additional vulnerable firmware components to Rust, fortifying the baseband layer against evolving cyber threats and remote exploitation attempts.

Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google

The post Google Uses Rust in Pixel 10 Modem Firmware to Eliminate Memory-Safety Bugs appeared first on Cyber Security News.