Google Home devices are at risk due to a vulnerability in the Gemini AI technology used by the devices. Researchers from Tel Aviv University have discovered that Gemini can be tricked into controlling smart devices using malicious prompts. The issue was demonstrated at the Black Hat conference and shows how a prompt added to a Google Calendar invite can activate Gemini’s control over smart home devices.
To exploit this vulnerability, attackers would need to create a detailed prompt that could be hidden in an innocuous calendar invite title or email subject line. This prompt could then trigger Gemini to create a hidden agent and perform actions such as opening windows, turning off lights, or sending spam messages.
However, Google has taken steps to address the issue, introducing multiple fixes since February 2015. The company credits the researchers with providing their report and helping them understand novel attack pathways. To mitigate the risk, users can disable Gemini entirely in most cases. Despite the rarity of smart home hacking, this incident highlights the need for further security measures as these AI features become more widespread.
In a rapidly changing technology landscape, it’s essential to stay vigilant and address potential vulnerabilities before they’re exploited by malicious actors. As Google continues to roll out new AI features, it’s crucial to prioritize security and ensure that users are protected from such attacks.
Source: https://www.cnet.com/home/smart-home/researchers-seize-control-of-smart-homes-with-malicious-gemini-ai-prompts