Gemini Voice Assistant Hijacked via Messaging Notifications

Attackers could have triggered dangerous actions, including controlling smart home devices via Google Home and starting Zoom video calls. The post Gemini Voice Assistant Hijacked via Messaging Notifications appeared first on SecurityWeek .

SecurityWeek reports that SafeBreach researchers found a prompt injection flaw in Google’s Gemini voice assistant on Android, where maliciously crafted messaging notifications (e.g., from WhatsApp, Slack, SMS, Signal) could be interpreted as instructions, allowing attackers to hijack Gemini and perform actions such as controlling smart home devices via Google Home or initiating Zoom video calls.[1][2][6] Google has deployed server-side mitigations, and there is no evidence of exploitation in the wild so far.[2][6] From a CyberSE.AI perspective, this illustrates how any external, user-visible content (like notifications) that an AI agent treats as trusted context becomes an effective, large attack surface for prompt injection and unauthorized action execution. Organizations deploying voice or multi-modal AI agents should continuously red team these interaction paths, simulate poisoned notifications or messages, and enforce stricter action-authorization and contextual filtering to prevent similar hijacks.