A recent study from Tel Aviv University has exposed a vulnerability in Gemini-powered smart homes that can be exploited using malicious Google Calendar entries. Researchers demonstrated how a single calendar entry can silently hijack a smart home, controlling devices like lights, shutters, and even a boiler without the user’s knowledge or consent.
The attack works by manipulating Gemini’s integration with the Google ecosystem, particularly its ability to access calendar events, interpret natural language prompts, and control connected smart devices. By inserting malicious instructions into a calendar appointment, masked as a regular event, the researchers were able to trigger hidden commands that activated the smart home system.
The exploit relies on a common phrase like “thanks” or “sure” being typed by the user, which inadvertently triggers the malicious command. This technique, dubbed “promptware,” raises serious concerns about how AI interfaces interpret user input and external data.
Experts warn that such prompt-injection attacks represent a growing class of threats that blend social engineering with automation. The researchers argue that this technique could be used to delete appointments, send spam, or open malicious websites, potentially leading to identity theft or malware infection.
To stay safe, users are advised to limit what AI tools and assistants like Gemini can access, especially calendars and smart home controls. They should also avoid storing sensitive or complex instructions in calendar events and ensure that AI acts on them without oversight. Additionally, users should be alert to unusual behavior from smart devices and disconnect access if anything seems off.
The study’s findings have prompted Google to accelerate the rollout of new protections against prompt-injection attacks, including added scrutiny for calendar events and extra confirmations for sensitive actions. However, questions remain about how scalable these fixes are, particularly as Gemini and other AI systems gain more control over personal data and devices.
Source: https://www.techradar.com/pro/security/not-so-smart-anymore-researchers-hack-into-a-gemini-powered-smart-home-by-hijacking-google-calendar