Tuesday, August 12, 2025

Google Calendar Invites Exploited by Researchers to Access Gemini and Expose User Data

Google has resolved a critical vulnerability in Gemini, its large language model (LLM) assistant, that allowed attackers to exploit Google Calendar invites for unauthorized actions on user devices. The attack involved embedding a malicious prompt in a calendar event, which, upon user interaction, enabled attackers to extract sensitive data, control smart home devices, and trigger applications without user consent. This exploit demonstrated the risks associated with Gemini’s extensive permissions across services like Gmail and Google Home. SafeBreach researchers highlighted that a series of six invites could be required for stealth, with the malicious prompt only appearing in the final invite. Google has affirmed ongoing efforts to enhance protections against such attacks, emphasizing the importance of collaboration within the cybersecurity community. Users are encouraged to stay informed about potential vulnerabilities and the security measures Google is implementing to safeguard their data.
