Google is integrating the Rust programming language into the Pixel 10 modem to address critical security flaws in legacy firmware. The move follows successful demonstrations by Google's Project Zero team showing that attackers could achieve remote code execution on Pixel devices via the internet.
Cellular modems operate on their own independent operating systems, often relying on decades of legacy C and C++ code. This architecture creates a significant attack surface due to inherent memory management difficulties.
According to technical reports, these memory-unsafe practices allow for vulnerabilities such as buffer overflows and memory leaks. Project Zero researchers have already identified more than two dozen Exynos modem vulnerabilities, 18 of which were classified as severe.
Replacing unsafe memory management
Google's strategy involves shoehorning Rust-based components into the existing modem architecture rather than performing a full software rewrite. This approach targets the specific memory loopholes that hackers exploit.
Rust provides a memory-safe alternative without the performance penalties of languages like Python or C#. Unlike those languages, Rust does not rely on garbage collection, which can slow down the real-time processing required for modem firmware.
Engineers face significant hurdles due to the technical debt of 3GPP specifications used in modem development for decades. The speed of C/C++ remains necessary for real-time data transmission, making a total transition difficult.
By implementing Rust, Google aims to secure the baseband's low-level systems against the types of exploits demonstrated by its own security researchers. The integration seeks to protect the device even when the primary Android operating system's security layers are bypassed.
