Google has shared its experience of using Rust code in the firmware of the baseband modem in Pixel 10 smartphones. The firmware code that handles the DNS protocol has been replaced with the Rust library hickory-proto, which was created by the developers of the Hickory DNS server used in the Let’s Encrypt infrastructure.
Integrating hickory-proto into the firmware was part of an effort to enhance the security of the baseband modem. The firmware includes a DNS handler because the protocol is used in modern cellular networks, particularly in call forwarding. However, DNS is a complex protocol that requires parsing external data that may be untrustworthy. Google had previously identified vulnerabilities in the baseband modem firmware of Pixel devices, such as a vulnerability discovered in 2024 that led to a buffer overflow when processing specially crafted DNS responses (CVE-2024-27227).
The adoption of a Rust DNS protocol parser is anticipated to decrease the potential attack surface and mitigate the risk of DNS exploitation stemming from vulnerabilities triggered by low-level memory manipulation errors. This project is also viewed as a foundation for broader implementation of memory-safe languages in other code components.
One issue highlighted is the larger size of the resulting code, as the hickory-proto library was not originally designed for embedded devices. The integrated components totaled 371KB, comprising 350KB of hickory-proto code and dependencies, 17KB of auxiliary functions from the standard library, and 4KB for a layer that uses the library to process DNS server responses.
It is mentioned that an additional 300KB can be accommodated within the existing memory constraints of Pixel device modems, but for more resource-constrained embedded devices, optimization is essential to minimize code size. In the future, hickory-proto intends to implement flags that will allow only the necessary functionality to be included during compilation.