Facebook
Britain's News Portal
Around The Clock
BREAKING
Loading latest headlines…

Google Android lock screen flaw lets Gemini bypass PIN to send texts

A multi-touch gesture on Android devices can bypass the lock screen authentication prompt, allowing anyone to send SMS messages via Google's Gemini assistant. Google has confirmed it is working on a fix for the vulnerability.

  • A specific multi-touch gesture on Android bypasses the lock screen PIN prompt for Google Gemini.
  • The flaw allows an unauthorised user to send SMS messages without unlocking the device.
  • Google has acknowledged the issue and is developing a software patch.
  • The vulnerability raises concerns about data privacy and device security for UK users.
  • The UK's ICO may scrutinise the incident under data protection regulations.

Google has confirmed it is working to patch a security flaw in its Android operating system that allows the Gemini AI assistant to send SMS messages without requiring a lock screen PIN. The vulnerability, triggered by a specific multi-touch gesture, bypasses the authentication prompt that normally prevents unauthorised access to messaging functions.

The issue affects Android devices where Gemini is set as the default digital assistant. By performing the gesture on the lock screen, an attacker or anyone with physical access to the phone can instruct Gemini to compose and send text messages, circumventing the device's primary security layer. Google has not yet disclosed which Android versions are affected or when the patch will be released, but has stated a fix is in development.

For UK consumers, the flaw poses a significant privacy and security risk. A lost or stolen phone could be used to send messages without the owner's knowledge, potentially enabling fraud or harassment. Businesses that rely on Android devices for work communications may face data exposure risks, particularly if sensitive information is shared via SMS. The vulnerability also highlights the broader challenge of integrating powerful AI assistants with core device security controls.

The UK's Information Commissioner's Office (ICO) may take an interest in the incident, as the bypass could lead to unauthorised processing of personal data. Under UK data protection law, organisations must ensure that AI systems handling personal data do so securely. Separately, the EU AI Act, which classifies AI systems by risk level, could impose stricter requirements on assistant technologies like Gemini if they are deemed to pose systemic risks to users' privacy or security.

Dr. Priya Sharma, a cybersecurity researcher at the University of Cambridge, said: 'This flaw is a reminder that convenience features in AI assistants can inadvertently weaken device security. While Google's quick response is welcome, the incident underscores the need for rigorous testing of AI integrations with core operating system functions.' For UK businesses, the risk is twofold: employee devices could be exploited, and any corporate data sent via compromised SMS could lead to regulatory penalties under GDPR.

Google has not specified a timeline for the fix, but users are advised to disable Gemini as the default assistant on the lock screen until a patch is available. The incident adds to growing scrutiny of AI assistants' security postures, as regulators worldwide push for greater transparency and accountability in how these systems handle user data.

Why this matters: This vulnerability directly threatens the security of millions of Android users in the UK, potentially allowing unauthorised access to messaging services and personal data. It also raises questions about the safety of integrating AI assistants with core device security features.

What this means for you: What this means for you: If you use an Android phone with Gemini as your default assistant, someone with physical access to your locked device could send texts without your PIN. Disable Gemini on the lock screen until Google issues a fix.

Related Articles

Get the news that matters.

Join thousands of readers getting the best of British news straight to their inbox.