Google Fixes Vulnerability in Gemini Allowing SMS from Locked Android Devices

Google Fixes Vulnerability in Gemini Allowing SMS from Locked Android Devices

First seen 17 Jul 2026, 23:55 UTC TheregisterGrahamcluleyinfosecwriteups.compayatu.com 91% similarity 60.6

Article Content

Browse articles
ThreatCluster

A vulnerability in Google's Gemini AI assistant allows unauthorized users with physical access to locked Android 16 devices to send SMS and WhatsApp messages without entering a PIN. This exploit, reported since May 2026, involves a specific multi-touch gesture that bypasses authentication prompts. Users can enable Gemini's access to previously disconnected apps like WhatsApp without proper authentication. Google has acknowledged the issue and is rolling out a fix this week. The vulnerability is not limited to specific devices, although some users reported it on Pixel models. The risk is significant due to the prevalence of phone theft and the potential for misuse in scams. Users are advised to limit Gemini's access from the lock screen until the patch is applied.

Key Points: • A vulnerability allows SMS and WhatsApp messages to be sent from locked Android devices. • Exploitation requires physical access to the device and involves a specific multi-touch gesture. • Google is deploying a fix for the vulnerability within the week.

ThreatCluster AI

Timeline

2026-05-01
Vulnerability reported
Multiple reports emerged of a bug allowing SMS and WhatsApp messages to be sent from locked Android devices using Gemini.
The Register
2026-07-17
Google acknowledges the bug
Google confirmed the vulnerability and announced a fix scheduled for deployment this week.
Grahamcluley
2026-07-17
Fix rollout planned
Google stated that a fix for the Gemini vulnerability is being rolled out to affected devices.
The Register

Community

Browse all →