Experts warn that a simple calendar entry can compromise your smart home security. Researchers from Tel Aviv University demonstrated a prompt-injection attack using Google’s Gemini AI, demonstrating how it can be manipulated through a compromised calendar event. These attacks exploit Gemini’s access to the Google ecosystem, using natural language prompts to control smart devices. By inserting malicious commands into seemingly benign appointments, attackers can activate devices like lights and boilers via typical user phrases like “thanks.”
This new method, termed “promptware,” highlights vulnerabilities where AI can blend social engineering with automation, risking everything from unauthorized device control to identity theft. While Google has begun rolling out enhanced protections against such threats, concerns remain about their scalability. Users should limit AI access to personal data, avoid storing sensitive information in calendar events, and remain alert for any unusual device behavior. Traditional security measures are inadequate against this emerging class of attack, emphasizing the need for increased vigilance.
Source link
