Grahamcluley
Google Fixes Vulnerability in Gemini Allowing SMS from Locked Android Devices
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A vulnerability in Google's Gemini AI assistant allows unauthorized users with physical access to locked Android 16 devices to send SMS and WhatsApp messages without entering a PIN. This exploit, reported since May 2026, involves a specific multi-touch gesture that bypasses authentication prompts. Users can enable Gemini's access to previously disconnected apps like WhatsApp without proper authentication. Google has acknowledged the issue and is rolling out a fix this week. The vulnerability is not limited to specific devices, although some users reported it on Pixel models. The risk is significant due to the prevalence of phone theft and the potential for misuse in scams. Users are advised to limit Gemini's access from the lock screen until the patch is applied.
Key Points: • A vulnerability allows SMS and WhatsApp messages to be sent from locked Android devices. • Exploitation requires physical access to the device and involves a specific multi-touch gesture. • Google is deploying a fix for the vulnerability within the week.