Google shoehorned Rust into Pixel 10 modem to make legacy code safer

Modern smartphone operating systems have myriad systems in place to improve security, but none of that helps when attackers target the modem. Google's Project Zero team has shown it's possible to get remote code execution on Pixel phone modems over the Internet, which prompted Google to reevaluate how it secures this vital, low-level system. The solution wasn't to rewrite modem software but rather to shoehorn a safer Rust-based component into the Pixel 10 modem. Cellular modems are something of a black box. Your phone's baseband is its own operating system running legacy C and C++ code, which makes it an increasingly appealing attack surface. The core issue is that memory management in these systems is difficult and often leads to memory-unsafe firmware code on production devices. That can allow attackers to leverage serious vulnerabilities like buffer overflows and memory leaks to compromise devices. So that's not great—why are we still using this stuff? Part of the issue is just the inertia of embedded systems. Companies have been developing modem firmware based on 3GPP specifications for decades, so there's a lot of technical debt at this point. Modems also have to operate in real time to send and receive data effectively, and C/C++ code is fast. Read full article Comments