Rust does not have a slow garbage collector. Instead, it uses a mechanism called a borrow checker that ensures memory safety at compile time. This strict set of rules ensures that you cannot “forget” to free memory – code will not compile if the memory rules are violated. This is what makes Rust a memory-safe language.
However, even Google can’t wave its proverbial hand and change the way modem firmware is written – we’re talking about tens of megabytes of executable machine code, which is a lot. Not only would updating decades of work be a daunting task, but many of the companies involved also consider the inner workings of the modem a trade secret.
To protect Pixel modems from zero-day attacks, Google focused on the DNS parser. As cellular features have moved to data networks, DNS has become a core part of how phones work. Google points out that DNS requires parsing of untrusted data, and this makes it a major security concern, but this is something you can solve with Rust.
Google chose hickory-proto The open source Rust DNS library, which is not particularly optimized but is widely adopted and supported. The modem in Pixel phones does not have a memory-constrained environment, which allowed the team to work on the Rust component to make DNS secure in existing code. The team removed standard library dependencies, allowing it to be compiled to machine code for faster operation, which was then grafted onto existing C/C++ modem code. In total, the Rust components added 371KB, which is workable in the Pixel modem.
Under this system, any attempts to trigger the vulnerability by manipulating memory run into the Rust wall – it cannot be affected by malicious DNS packets. Pixel 10 phones are the first to come with this secure modem implementation. Google hopes this work will allow other platforms to make similar improvements, but the company believes the size of its chosen Rust library may be a problem for simple embedded systems. It may be possible to solve this in the future by making the library more modular. Google also sees this work as a foundation for integrating more memory-safe components into the cellular baseband over time.
<a href