A new research study has found a serious security issue in Google’s Gemini AI assistant. It says a single fake or “poisoned” notification could trick the AI system on Android phones. The notification could come from apps like WhatsApp, SMS, Slack, Instagram, Signal, or Messenger.
WhatsApp Notification Could Expose Gemini AI to Security Risk, Research Finds
Researchers say this could allow attackers to misuse the AI assistant without installing any harmful app on the phone. They explain that the system may treat these notifications as real instructions, which increases the risk of misuse.
How the Attack Works
The attack only works on Android devices. This is because Gemini can read and respond to notifications on Android phones. Researchers found that Gemini may treat notification text like normal instructions. This means a fake message could guide the AI to take actions. For example, it could:
- Pretend to send a message from a boss
- Open apps automatically
- Join video calls like Zoom
- Even change stored memory inside Gemini
What Makes It Dangerous
Experts say this is dangerous because users trust AI assistants. A fake voice message from Gemini could sound real and urgent. For example, it could say, “You must upload files to this link.” If a user hears this while driving or busy, they may follow it without checking. Researchers also found that the attack can use real contact names from messages. This makes fake messages look more believable. In related tech updates, features like the WhatsApp logout feature are also being tested to improve user control and account security.
Read more: WhatsApp to End Support for Older Android Phones in September 2026
How Attackers Could Use It
If the attack works, hackers gain control of way more than just messages. They can take over smart home stuff like lights and windows. Plus, they use IP data to track where a user is. Some sneaky tactics involve forcing downloads or opening harmful links on the device.
The attackers might drag users into bogus video calls, say on Zoom. This trick makes the scam more convincing and super scary for the person attacked. Even then, it gets worse because these crooks could save phony info in Gemini’s memory. The fakes can linger in the system for ages, popping up on every device linked to the same account.
Bypass Method Used by Researchers
Researchers also found ways to bypass Google’s safety checks. They used a method that confused the AI into accepting hidden commands. In one case, Gemini showed a message in a different language and mixed it with normal text. Users might ignore part of the message and unknowingly approve hidden actions. Another trick hid dangerous instructions inside links that the AI did not read out loud.
Read more: WhatsApp to Introduce Chat Summaries for Unread Messages to Help Users Catch Up Faster
Fix and Google Response
The research was reported to Google in August 2025. Google later confirmed the issue in November 2025 and fixed it through server-side updates. This means users do not need to install any updates. The fix was applied automatically. Google also said it is improving its AI safety systems to stop similar attacks in the future.
Safety Advice for Users
Users can reduce risk by changing some settings. They can:
- Turn off notification access for Gemini
- Disconnect utilities in Gemini settings
- Limit AI control over apps on Android
Experts point out that this research serves as a key reminder: AI assistants are useful, but they come with new security risks, particularly if they access info from other apps. This study found that AI helpers like Gemini could be fooled by basic notifications. Though Google fixed the problem, researchers advise users to stay cautious. With AI growing stronger, these security issues might become bigger too. News source eTimes Pakistan.
