Gemini Voice Assistant Hijacked via Messaging Notifications
Summary
Researchers discovered a critical vulnerability in Google's Gemini voice assistant where attackers could inject malicious commands through messaging notifications (WhatsApp, Slack, SMS) using a technique called Fake Context Alignment, allowing them to control smart home devices, make calls, and manipulate the assistant without the user knowing. The attack exploited prompt injection (tricking an AI by hiding instructions in its input) by embedding hidden commands in foreign languages or muted links that Gemini would process but not read aloud. Google patched the vulnerability in November 2025 with content classifier improvements (software filters that categorize and block harmful content).
Solution / Mitigation
Google patched the vulnerability in mid-November 2025 with content classifier improvements.
Classification
Affected Vendors
Related Issues
Original source: https://www.securityweek.com/gemini-voice-assistant-hijacked-via-messaging-notifications/
First tracked: June 4, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 92%