Fixed Intel

Google Adds Rust DNS Parser to Pixel Phones for Better Security

The parser is meant to mitigate the entire class of memory safety bugs in the low-level environment.

Fixed Intel Team | 2 min read

Aggregated from SecurityWeek

This article was automatically aggregated from an external source. Content may be summarized.


Full Analysis

As part of its ongoing efforts to enhance the security of Pixel phones, Google has announced the integration of a Rust-based Domain Name System (DNS) parser into the modem firmware.

The move builds on the previously announced deployment of Rust in low-level firmware codebases to eliminate memory safety issues that have historically plagued legacy C and C++ code in both Android and Chrome.

According to Google, attackers have shown an increased interest in targeting the cellular modem in recent years, and Pixel’s modem contains a large amount of executable code, creating a complex and remote attack surface.

“The new Rust-based DNS parser significantly reduces our security risk by mitigating an entire class of vulnerabilities in a risky area, while also laying the foundation for broader adoption of memory-safe code in other areas,” Google says.

Mostly associated with internet browsing, the DNS protocol plays a significant role in modern cellular technology and communications, with operations such as call forwarding relying on DNS services nowadays.

“DNS is a complex protocol and requires parsing of untrusted data, which can lead to vulnerabilities, particularly when implemented in a memory-unsafe language. Implementing the DNS parser in Rust offers value by decreasing the attack surfaces associated with memory unsafety,” Google explains.
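The parsing hazard described above, as an added example (not from the article, Google, or hickory-proto): a minimal std-only Rust decoder for DNS names with RFC 1035 compression pointers, where truncated lengths and pointer loops come back as errors instead of out-of-bounds reads. The names `read_name` and `ParseError`, the 16-jump limit and the sample bytes are assumptions made for this illustration.

```rust
// Added illustration: std-only; not hickory-proto and not Google's modem code.
#[derive(Debug, PartialEq)]
pub enum ParseError {
    Truncated,   // a length byte or pointer runs past the end of the message
    BadLabel,    // reserved label type (top bits 01 or 10)
    PointerLoop, // more compression jumps than the (assumed) limit of 16
    NameTooLong, // decoded name exceeds the 255-octet limit
}

/// Decode the domain name that starts at `pos` in the raw DNS message `msg`.
/// Returns the dotted name and the offset just past the name's encoding at `pos`.
pub fn read_name(msg: &[u8], mut pos: usize) -> Result<(String, usize), ParseError> {
    let mut name = String::new();
    let mut next = None; // where parsing resumes after the first pointer
    let mut jumps = 0u8;
    loop {
        // Every read goes through `get`, so a bad offset is an Err, never a wild read.
        let len = *msg.get(pos).ok_or(ParseError::Truncated)? as usize;
        match len & 0xC0 {
            0x00 if len == 0 => return Ok((name, next.unwrap_or(pos + 1))),
            0x00 => {
                let label = msg.get(pos + 1..pos + 1 + len).ok_or(ParseError::Truncated)?;
                if name.len() + len + 1 > 255 { return Err(ParseError::NameTooLong); }
                if !name.is_empty() { name.push('.'); }
                name.extend(label.iter().map(|&b| b as char)); // bytes shown 1:1 as chars
                pos += 1 + len;
            }
            0xC0 => {
                let lo = *msg.get(pos + 1).ok_or(ParseError::Truncated)? as usize;
                jumps += 1;
                if jumps > 16 { return Err(ParseError::PointerLoop); }
                if next.is_none() { next = Some(pos + 2); }
                pos = ((len & 0x3F) << 8) | lo; // 14-bit offset into the message
            }
            _ => return Err(ParseError::BadLabel),
        }
    }
}

fn main() {
    // Constructed bytes: "example.com" at 0, "www" + pointer to 0 at 13,
    // and a pointer at 19 that points at itself.
    let msg = b"\x07example\x03com\x00\x03www\xC0\x00\xC0\x13";
    println!("{:?}", read_name(msg, 13));
    println!("{:?}", read_name(msg, 19));
}
```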


The internet giant chose the hickory-proto library for the DNS implementation, modified it for bare metal and embedded use, compiled the necessary Rust crates for its use, eliminated performance issues, and then implemented the necessary DNS response parsing function API.

The Pixel 10 series devices, Google notes, are the first products to integrate the memory-safe language into the modem, thus marking a significant moment in advancing the series’ security.

“While replacing one piece of risky attack surface is itself valuable, this project lays the foundation for future integration of memory-safe parsers and code into the cellular baseband, ensuring the baseband’s security posture will continue to improve as development continues,” the company says.


