Google Gemini security flaw lets hackers hijack your Android phone via WhatsApp — what you need to know
Publish Date: 2026-06-04 12:38:00
Source Domain: www.tomsguide.com
If you’re an Android user, you probably don’t think twice when a routine notification pops up on your phone, especially if it looks like a normal text, Slack message or WhatsApp alert.
But new research suggests those everyday notifications can create a far stranger security risk than a suspicious link. In some cases, the message does not need to be opened, tapped or downloaded to become dangerous. It only needs to be processed by Gemini.
That is the concern raised by cybersecurity firm SafeBreach Labs, which uncovered a notification-based prompt injection vulnerability affecting Google Gemini on Android.
Latest Videos From
According to the researchers, attackers could send hidden instructions through ordinary messaging notifications, allowing Gemini’s voice assistant to silently absorb malicious commands as part of its conversation context.
SafeBreach says the technique could be used to manipulate Gemini’s responses, fake messages from trusted contacts, trigger connected tools, control smart home devices or even poison Gemini’s long-term memory. The company also says Google has since rolled out content classifier updates designed to mitigate the vulnerability.
You may like
How the attack works
The vulnerability relies on a threat category known as Indirect Prompt Injection. This happens when an attacker hides malicious commands inside content they know an AI is going to read, rather than typing the command directly into the AI prompt window.
Because Google Gemini’s Android assistant is designed to scan incoming notifications to provide helpful, context-aware responses, it automatically reads incoming alerts.
Google already utilizes advanced machine learning filters to stop Gemini from following instructions embedded in external text. However, SafeBreach found that by carefully structuring the hidden text — sometimes burying it in…
