🟠 High | Source: The Hacker News
A vulnerability in Google Gemini’s Android integration allowed malicious content embedded in notifications from apps such as WhatsApp, Slack, Signal, and SMS to hijack the AI assistant without requiring any installed malware. An attacker could craft a poisoned notification that caused Gemini to open browser windows, impersonate contacts, initiate calls, or corrupt the assistant’s long-term memory. This is a prompt injection attack exploiting the trust Gemini places in notification content it processes.
Architect’s Take: Organisations deploying Android devices with Gemini enabled should review mobile device management (MDM) policies to restrict AI assistant access to sensitive notification streams, and treat AI assistants as untrusted data processors when designing data-handling workflows. Raise awareness with security teams about prompt injection as a realistic attack vector on enterprise mobile estates.
Original advisory: WhatsApp, Slack Notifications Could Hijack Google Gemini on Android