Google Gemini Vulnerable to Android Notification Attacks

A single infected notification via WhatsApp, Slack, or other apps could compromise Google Gemini on Android. The voice assistant might open connected windows, impersonate a professional message, initiate a Zoom call without the user’s knowledge, or even alter long-term memory. Worse still, no malicious app installation is required to exploit this flaw.

A latent remote-exploitable risk

This vulnerability, identified by cybersecurity researchers, stems from how the voice assistant interprets notifications. By crafting a message designed to deceive the system, an attacker could manipulate Gemini into executing sensitive actions. The threat is particularly alarming because it doesn’t require direct access to the device—just sending an SMS, Slack message, or WhatsApp alert is enough.

Potential consequences extend beyond immediate threats

Attack scenarios include the unintended opening of confidential documents, the spread of fake communications under a superior’s name, or the activation of video call functions. While Google has not yet issued a patch, this flaw raises concerns about the resilience of voice assistants against indirect threats.

Until an update is available, users are advised to remain vigilant about suspicious notifications and limit permissions granted to third-party apps.

Source: The Hacker News. Editorial synthesis assisted by AI — TechnoExpress.