🟠 High  |  Source: The Register — Security


A bug in Android allows a specific multi-touch gesture to bypass the lock screen authentication prompt, enabling Google’s Gemini AI assistant to send SMS messages without requiring a PIN or biometric verification. The flaw means a physical attacker with access to a locked device could send arbitrary text messages, potentially impersonating the device owner. Google is actively working on a fix.

Security Architect’s Take: Ensure Android devices in your organisation’s mobile fleet are updated promptly once Google releases the patch; in the interim, consider enforcing MDM policies that restrict AI assistant access from the lock screen, and review BYOD policies to assess exposure risk.

Original advisory: Google fixing Android lock screen bug that lets Gemini send SMS without a PIN