Researchers from SafeBreach have discovered a significant flaw in Gemini, Google’s AI assistant, that attackers can exploit through malicious Google Calendar invites. The vulnerability enables hackers to remotely control Gemini agents without requiring significant user interaction. The attack involves sending calendar invites with prompt injections hidden in the event titles, which can be used to exfiltrate sensitive user data such as emails and Calendar information. Once a victim engages with Gemini, their innocuous request can trigger harmful actions such as altering Calendar events, disclosing IP addresses, or controlling smart devices via Google Home. Notably, the attack works even without white-box access to the model and bypasses existing safety measures. Victims typically won’t realize they’ve been compromised unless they expand their event list and see the malicious invite. Google has promptly issued a fix and acknowledged the researchers’ work in addressing this vulnerability. The incident highlights the double-edged nature of Google’s extensive ecosystem of services.