All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

Android Notification Vulnerability Allowed Malicious Prompts to Hijack Google Gemini

SafeBreach researcher Or Yair discovered a vulnerability called "Fake Context Alignment" where a single malicious notification on Android could trick Google Gemini into performing harmful actions like faking messages, opening windows, joining Zoom calls, and poisoning long-term memory — all without requiring any malicious app to be installed. Google has since patched the issue with server-side mitigations after the researcher reported it through Google's Vulnerability Reward Program.

CybersecurityNews1mo ago1 min readenNews
Read on hendryadrian.com

Key quotes

SafeBreach researcher Or Yair showed that a single poisoned notification on Android could trick Google Gemini into faking messages, opening windows, joining Zoom calls, and even poisoning long-term memory without any malicious app installed.
Google has since patched the issue with server-side mitigations after the Fake Context Alignment bypass was reported through its Vulnerability Reward Program.
Gemini on Android could treat hostile notifications as instructions.

You might also wanna read

Comments

Sign in to join the conversation.

No comments yet. Be the first.