Rust does not have a slow garbage collector. Instead, it uses a mechanism called debt checking that ensures memory safety at compile time. This strict set of rules ensures that you can’t “forget” to free memory – the code simply won’t compile if the memory rules are violated. This is what makes Rust a memory-safe language.
However, even Google can’t wave its proverbial hand and change how modem software is written — we’re talking tens of megabytes of executable machine code, that’s a lot. Not only would it be difficult to update decades of work, but many of the companies involved also consider the inner workings of modems a trade secret.
To protect the Pixel modem from zero-day attacks, Google focused on a DNS resolver. As mobile functions migrated to data networks, DNS became one is a fundamental part of how phones work. Google explains that DNS requires parsing invalid data, making it a huge security problem, but it’s a problem you can solve with Rust.
Google chose hickory-proto an open source Rust DNS library that is not particularly optimized, but has wide adoption and support. The modem in Pixel phones is not a memory-constrained environment, which allowed the team to use a Rust component to make DNS more secure in existing code. The team removed standard library dependencies, allowing machine code to be compiled to run faster and then grafted onto existing C/C++ modem code. In total, the Rust components added 371KB that could run on the Pixel modem.
Attempting to trigger the vulnerability by manipulating memory in this system would hit the Rust wall – it cannot be affected by malicious DNS packets. Pixel 10 phones are the first to ship with this more secure modem implementation. Google hopes that this work will allow other platforms to make similar improvements, but the company notes that the size of its chosen Rust library could be a problem for simpler embedded systems. It may be possible to solve this in the future by making the library more modular. Google also sees this work as a key to integrating more memory-safe components into the mobile baseband in time.
