Google Gemini Flaw Let Hackers Control Smart Homes Through Text Messages

What Just Happened

Security researchers discovered a serious flaw in Google's Gemini voice assistant that let attackers control smart home devices just by sending specially crafted messages. The vulnerability has been disclosed, putting millions of smart home users at risk if they haven't updated their systems. This isn't theoretical: researchers proved they could unlock doors, start video calls, and trigger other connected devices without the homeowner's knowledge.

The Details

Here's how the attack worked. When you receive a message notification on your phone, Gemini can read it aloud or process it as a command. Researchers found they could send messages containing hidden instructions that Gemini would interpret as legitimate voice commands. The assistant couldn't tell the difference between a command you spoke and one buried in a text message.

The attacker didn't need physical access to your home or even your WiFi network. They just needed your phone number or a way to send you a message through any app Gemini monitors. Once the malicious message arrived, Gemini would execute the embedded command, controlling whatever smart devices you had connected.

This type of attack is called notification manipulation. It exploits the trust relationship between your voice assistant and the apps on your phone. Your assistant assumes notifications are safe information to process, but attackers turned them into a weapon.

Who Is Affected

Anyone using Google Gemini as their voice assistant with smart home devices connected is potentially vulnerable. This includes people with smart locks, security cameras, thermostats, garage doors, or smart lighting systems linked to their Google account.

Families who rely on voice assistants for convenience are especially at risk. If you've set up routines, granted Gemini control over home security features, or use it to manage your kids' devices, this vulnerability could expose your entire household. Seniors who use voice assistants for accessibility may also be targeted since they often have elevated permissions enabled.

What You Should Do Right Now

1. Update your Google app and Gemini immediately. Open the Google Play Store or Apple App Store, search for Google and Gemini, and install any available updates. Google has patched this vulnerability in recent versions.

The Bigger Picture

This vulnerability highlights a growing problem: our homes are getting smarter, but the connections between devices create new attack surfaces. Voice assistants have become central control points for dozens of devices, making them high-value targets. As we add more connected devices to our homes, each integration creates potential security gaps. Staying informed about these vulnerabilities as they emerge is no longer optional for families who value their privacy and safety.

How GetCyberRight Can Help

Our Cyber Threat Radar tool tracks emerging IoT and smart home vulnerabilities the moment they're disclosed. Instead of waiting to hear about threats on the news, you'll get timely alerts about risks affecting your specific devices. The tool translates technical security bulletins into clear action steps, so you know exactly what to do to protect your family. Smart home security moves fast, and Cyber Threat Radar helps you keep pace.