Researchers exploited Gemini through Google Calendar invites to access user data

Google recently addressed a significant vulnerability that allowed maliciously crafted Google Calendar invites to remotely compromise Gemini agents on users’ devices, potentially leaking sensitive data. This attack could unfold without any user involvement beyond standard interactions with the assistant, which are common for Gemini users. Gemini, Google’s large language model (LLM) assistant, is integrated into Android, Google web services, and Google Workspace apps, granting it access to Gmail, Calendar, and Google Home. By sending a calendar invite containing an embedded prompt injection, often concealed within the event title, attackers could exfiltrate email content, track the victim’s location, control smart home devices, open apps on Android, and initiate Zoom video calls. SafeBreach researchers demonstrated that this attack did not require white-box model access and was not mitigated by existing prompt filtering or other protective measures in Gemini.

The attack commenced with a Google Calendar event invite sent to the target, featuring an indirect prompt injection in the event title. When the victim interacted with Gemini, such as by asking, “What are my calendar events today?”, Gemini would retrieve the list of events from Calendar, including the malicious title embedded by the attacker. This title would become part of Gemini’s context window, leading the assistant to treat it as a legitimate part of the conversation, unaware of its hostile nature. Depending on the prompt used by the attacker, they could trigger various actions, including wiping or editing Calendar events, retrieving the target’s IP address, joining a Zoom call, controlling physical devices via Google Home, or accessing emails to extract sensitive user data. Notably, the attacker might need to send up to six Calendar invites to maintain stealth, as only the five most recent events are displayed, with older ones hidden under a ‘Show more’ button. Google has stated that it is continuously implementing new safeguards for Gemini to defend against a wide range of adversarial attacks, with many mitigations planned for imminent deployment. 
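The flow above works because text written by the invite's sender reaches the context window with the same standing as the user's own request. The sketch below is an added example, not Google's mitigation or code from the SafeBreach research: once an externally authored event title has entered the session, any sensitive tool call the model requests is held for explicit user confirmation. The tool names, the `Event` and `Session` classes and the domain-based "external" test are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical tool names covering the actions the article lists.
SENSITIVE_TOOLS = {"gmail.read", "calendar.edit", "calendar.delete",
                   "home.control", "android.open_app", "zoom.join"}

@dataclass
class Event:
    title: str
    organizer: str

@dataclass
class Session:
    user_domain: str
    tainted_by: list = field(default_factory=list)

    def add_events_to_context(self, events):
        """Render events for the model and record who authored external text."""
        lines = []
        for ev in events:
            external = not ev.organizer.lower().endswith("@" + self.user_domain)
            if external and ev.organizer not in self.tainted_by:
                self.tainted_by.append(ev.organizer)
            # Quoting marks the title as data; it does not stop injection
            # on its own, so the enforcement lives in authorize().
            lines.append(f"<event external={external}>{ev.title!r}</event>")
        return "\n".join(lines)

    def authorize(self, tool, user_confirmed=False):
        """Return 'allow' or 'confirm' for a tool call the model requested."""
        if tool not in SENSITIVE_TOOLS or not self.tainted_by:
            return "allow"
        return "allow" if user_confirmed else "confirm"

def demo():
    # Constructed sample data; the second title stands in for attacker text.
    events = [Event("Weekly sync", "alice@example.com"),
              Event("[constructed placeholder: attacker-written instructions]",
                    "sender@external.example")]
    s = Session(user_domain="example.com")
    before = s.authorize("gmail.read")            # nothing untrusted read yet
    s.add_events_to_context(events)
    return before, s.authorize("gmail.read"), s.authorize("calendar.list"), s.tainted_by

if __name__ == "__main__":
    print(demo())
```

The gate keys on where the text came from rather than on what it says, so it does not depend on a prompt filter recognising the injected wording.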

Categories: Cybersecurity, Vulnerabilities, AI Assistants 

Tags: Google, Calendar, Invites, Gemini, Attack, Prompt Injection, Sensitive Data, Exfiltration, Permissions, Safeguards 
