
Security researchers at SafeBreach have found a way to trick Google’s Gemini voice assistant into doing things you never asked it to do — through ordinary-looking notifications on your phone. The attack works by hiding malicious instructions inside app notifications. When Gemini reads or summarizes those notifications (a feature many users have enabled), it follows the hidden commands as if they came from you. Depending on what permissions Gemini has, a crafty attacker could use this to control smart home devices, start unauthorized video calls, or quietly alter how Gemini responds to you in future conversations.
The technique is subtle: the researchers found that attackers can disguise instructions in a foreign language or hide them inside invisible hyperlinks buried within a notification. Gemini speaks a normal-sounding English response while silently executing the hidden command in the background — so you might never notice. Google has been notified and is working on a fix. In the meantime, reviewing and trimming the permissions you have granted Gemini is a simple way to reduce your exposure.
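The following is an added example, not code from SafeBreach or Google: a defender-side pre-filter that screens notification text for the two concealment methods described above before the text is handed to an assistant. The link syntaxes it looks for (Markdown links and HTML anchors), the function names and the sample notifications are assumptions constructed for illustration; the page does not say what format the researchers used.

```python
import re
import unicodedata

# Assumed link syntaxes: Markdown [label](target) and HTML <a ...>label</a>.
MD_LINK = re.compile(r"\[([^\]]*)\]\(([^)]*)\)")
HTML_LINK = re.compile(r"<a\b[^>]*>(.*?)</a>", re.IGNORECASE | re.DOTALL)

# Constructed sample notifications (not taken from the research).
SAMPLES = {
    "benign": "Your package arrives today between 2 and 4 pm.",
    "hidden_link": "Meeting moved to 3 pm. "
                   "[\u200b](https://example.invalid/placeholder-instruction)",
    "mixed_script": "Sale ends tonight. Пример текста на другом языке.",
}


def _visible(s):
    """Drop Unicode format (Cf) characters such as zero-width spaces, then trim."""
    return "".join(c for c in s if unicodedata.category(c) != "Cf").strip()


def _scripts(s):
    """Scripts of the letters in s, read from the first word of the Unicode name."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in s if c.isalpha()}


def screen_notification(text, expected_script="LATIN"):
    """Return (sanitized_text, findings) for one notification body."""
    findings = []
    for pattern in (MD_LINK, HTML_LINK):
        for m in pattern.finditer(text):
            if not _visible(m.group(1)):  # a link the user cannot see
                findings.append("link-without-visible-text")
    # Keep only what a person reading the notification would actually see.
    text = MD_LINK.sub(lambda m: _visible(m.group(1)), text)
    text = HTML_LINK.sub(lambda m: _visible(m.group(1)), text)
    if any(unicodedata.category(c) == "Cf" for c in text):
        findings.append("invisible-characters")
    text = _visible(text)
    # Heuristic only: a second language written in the expected script passes.
    unexpected = _scripts(text) - {expected_script}
    if unexpected:
        findings.append("unexpected-script:" + ",".join(sorted(unexpected)))
    return text, findings


if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, screen_notification(body))
```

A notification with any finding can be withheld from summarization or shown to the user verbatim; the sanitized text is still untrusted input and should not be treated as a user command.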
How to check if you’re affected
Affected products include the Google app on Android and iOS when Gemini integration is enabled. Open your phone’s Settings → Apps → Google → Permissions and check which features Gemini can access. If Gemini has access to your messages, notifications, or smart home controls and you do not actively use those features, consider disabling them until Google releases a patch.
