Shutting down Gemini in this situation is a serious security breach

Worrying security situations happen from time to time, especially when it comes to complex software with a large number of devices using it. Matters become even more complicated when software is granted (knowingly or unknowingly) special privileges, such as the ability to run artificial intelligence Google Gemini directly from the lock screen.

This type of failure is known as bypass authentication (authentication bypass) or lockscreen bypass. It’s always fascinating to see what enthusiasts manage to discover or stumble upon during their daily use of the phone. Well, here, let’s watch the video first…

Do Not Allow Gemini On Lockscreen For Security. I wasn't the one who discovered this bug. READ BELOW

How this type of scam works

The scenario goes something like this. The user has knowingly disabled the Gemini app from accessing certain programs on the phone, such as the stock messaging app (Messages). Naturally, when someone with physical access to the device tries to activate Gemini from the lock screen and instructs it to send a message, the phone will duly ask for a PIN to verify identity. For now, the security system is working exactly as it should.

READ ABOUT:  That Elder Scrolls mobile game that no one alive has played is shutting down

However, this is where a serious software flaw in the interface comes into play. If the user presses Add attachment simultaneously with Continuethe system for some reason bypasses the PIN code check and allows the message to be sent.

And what’s worst, the privileges here don’t just stop at ordinary SMS messages. The video shows that it is attacker in this way managed to reactivate access to the WhatsApp application, although this option was previously completely disabled within the official settings for Gemini. What is particularly worrying is that these changes remain permanent. In this way, the owner of the phone can only notice later that his permissions have been changed without his knowledge. writes TheRegister.

Google is preparing an official patch

According to currently available information, this specific vulnerability has been reported since May for Android 16. Google is officially aware of this issue and a security fix is ​​in the process of being rolled out to users.

READ ABOUT:  Four new Honor phones certified with equally fast charging and 5G support

Currently, there is still no confirmed information about which all versions and modifications of Android are vulnerable to this specific trick. However, all active Pixel devices are known to be exposed to it.

What is worrying is how quickly other manufacturers will react to this patch and send it to users. Google will complete its work by delivering changes to each of the manufacturers. Then comes the hard part, so be sure to turn off all permissions for Google Gemini on the lock screen. At least until the next first cumulative patch for your device arrives.

Source link