HeadlinesBriefing favicon HeadlinesBriefing.com

Gemini lockscreen bypass lets SMS be sent without PIN

GSMArena •
×

In the fast‑moving world of mobile software, glitches pop up when privileged apps like Gemini can run from the lock screen. The recent issue is a classic authentication‑bypass—also called a lockscreen bypass—where the system is tricked into skipping the PIN prompt.\n\nWhen a user turns off Gemini’s access to the Messages app, a physical attacker can still trigger it from the lock‑screen. By pressing the “Add attachment” button at the same time as Continue, the director bypasses the PIN.

The attacker then gains full SMS rights and even re‑enables WhatsApp, which had been disabled in Gemini’s settings, effectively turning the device into a covert messaging tool.\n\nGoogle has known about this flaw since May on Android 16 and has already rolled out a fix. It isn’t limited to Pixel phones; the vulnerability could affect any Android flavor, though details are still unclear.\n\nSimilar edge‑case exploits are common on other platforms. iOS communities hunt for bypasses that can unlock and resell stolen devices, so the problem is far from unique to Android. Such vulnerabilities highlight the ongoing challenge of securing privileged apps.