Gemini Voice Assistant Hijacked via Messaging Notifications

SafeBreach discovered a vulnerability in Google's Gemini voice assistant that allows attackers to hijack it via messaging notifications. The attack, named Fake Context Alignment, uses hidden commands in WhatsApp, Slack, and SMS messages to inject malicious prompts. These prompts are processed by Gemini without user awareness, enabling control of smart home devices, launching Zoom calls, and poisoning the assistant's memory. The flaw was disclosed in August 2025 and patched in mid-November 2025.