Android Gemini prompt injection flaw patched by Google

As reported by Tech Radar, a significant security vulnerability affecting Android devices and specifically the Gemini AI assistant has been identified and addressed. The flaw, a prompt injection exploit, allowed malicious actors to embed hidden commands within seemingly benign notifications.

SafeBreach researchers discovered that prompt injection attacks could be executed on Android phones if a user instructed Gemini to read their pending notifications. The attack method involved embedding a malicious instruction, often in a foreign language, alongside a benign question. For instance, a notification might appear to ask a simple question in English, but contain a hidden command in Chinese. If the user responded affirmatively to the benign part, they could inadvertently approve the execution of the hidden malicious command, such as extracting contacts and sending them to an attacker-controlled address.

The core issue was the AI's inability to distinguish between legitimate data and malicious instructions. SafeBreach researchers disclosed the vulnerability to Google in August, and the company implemented a server-side fix in November, meaning no user action or app update was required.

Source: Tech Radar