Security company SafeBreach recently revealed a critical security vulnerability in Google's Gemini voice assistant. Hackers can send specially crafted notification messages via WhatsApp or SMS, hiding malicious commands within text in other languages or "silent hyperlinks." This attack method, known as "pseudo-context alignment," can cleverly bypass the system's security defenses. Once users receive such messages, Gemini can be "jailbroken" without the victim's awareness, and the system will mistakenly assume the user has approved the relevant permissions.

Highly Deceptive Dual Attack Methods

This vulnerability primarily implements attacks through two methods. The first is to deceive users using "multilingual confusion." Hackers secretly append foreign languages that the target user cannot understand behind ordinary Chinese prompts. Users may mistake them for garbage characters and blindly click "agree," leading to the execution of malicious commands hidden in the foreign language. The second method specifically targets voice interaction scenarios, exploiting the fact that Gemini automatically skips hyperlink text when reading aloud. Hackers hide malicious code in links, and users hear a normal question and verbally answer "yes," but the system will instead determine that the user has approved the sensitive authorization in the link.

Smart Homes and Privacy Face Serious Threats

Security researchers emphasized that this security vulnerability is highly dangerous and could directly lead to hackers illegally taking over or controlling users' smart home devices. Additionally, hackers can secretly modify contact numbers in users' phone directories through this vulnerability, creating potential for larger-scale social engineering fraud in the future. Although Google has made emergency improvements to the content classifier mechanism after receiving the report, this incident once again sounds the alarm for the security verification mechanisms of AI assistants in multilingual environments and voice interactions.