Google Calendar invite used to hack Gemini-powered smart home

Researchers have demonstrated how a compromised Google Calendar invite can be used to hijack a Gemini-powered smart home without the user’s knowledge.

The successful “prompt-injection” attack, carried out by a team from Tel Aviv University, exploited the deep integration between Gemini, Google Calendar and connected smart devices.

The attack, dubbed “promptware” by the researchers, turned a simple calendar event into a Trojan horse. The team inserted malicious, hidden instructions into a calendar appointment. When a user later asked Gemini to summarize their day’s schedule, the AI assistant unknowingly triggered these commands.

The injected instructions were designed to lie dormant until the user spoke a common phrase like “thanks” or “sure,” at which point they would activate smart devices, such as lights or a boiler, without the user’s consent.

This method is particularly alarming because it bypasses traditional security measures like firewalls and anti-malware software, which are not designed to detect this type of social engineering blended with automation.

The researchers warn that the technique could be used for more than just turning on devices. A similar attack could be used to delete calendar appointments, send spam emails, or open malicious websites, potentially leading to far more serious consequences such as identity theft or malware infections.

In response to the disclosure, Google has reportedly accelerated the rollout of new protections for Gemini, including added scrutiny for calendar events and extra confirmations for sensitive actions. However, security experts are urging users to take their own preventative measures.

These measures include limiting what AI assistants can access, avoiding complex or sensitive instructions in calendar events, and staying alert for any unusual or unauthorized behaviour from smart home devices. The incident serves as a stark warning about the evolving threats to our increasingly interconnected digital lives.
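Because the injected instructions wait for a later, innocuous reply, a confirmation check for sensitive actions has to remember that untrusted text entered the conversation on an earlier turn. The Python sketch below is an added example, not Google's implementation or the researchers' code; the tool names, the `Gate` class and the `dialog`/`chat` channel labels are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical tool names standing in for the action types the article lists.
SENSITIVE = {"smart_home.set_state", "calendar.delete_event",
             "mail.send", "browser.open_url"}

@dataclass
class Gate:
    sticky_taint: bool = True   # False models a per-turn check (the weak setting)
    tainted: bool = False       # untrusted text is in the assistant's context
    pending: dict = field(default_factory=dict)   # token -> (tool, args)
    executed: list = field(default_factory=list)
    seq: int = 0

    def new_turn(self) -> None:
        # A per-turn gate forgets earlier untrusted input; a sticky one does not.
        self.tainted = self.tainted and self.sticky_taint

    def ingest(self, source: str) -> None:
        # Anything the user did not type in this session counts as untrusted.
        self.tainted = self.tainted or source != "user"

    def propose(self, tool: str, args: dict) -> str:
        """Assistant proposes a tool call; returns 'executed' or a hold token."""
        if tool in SENSITIVE and self.tainted:
            self.seq += 1
            token = f"confirm-{self.seq}"
            self.pending[token] = (tool, args)
            return token
        self.executed.append((tool, args))
        return "executed"

    def confirm(self, token: str, channel: str) -> bool:
        """Release a held call only from the dedicated dialog, never chat text."""
        if channel != "dialog" or token not in self.pending:
            return False
        self.executed.append(self.pending.pop(token))
        return True

def replay(gate: Gate) -> list:
    """Constructed two-turn session: a schedule summary, then a casual reply."""
    gate.new_turn()                      # turn 1: user asks for today's schedule
    gate.ingest("calendar_invite")       # third-party event text enters context
    gate.propose("calendar.list_events", {})
    gate.new_turn()                      # turn 2: user replies "thanks"
    token = gate.propose("smart_home.set_state", {"device": "boiler", "on": True})
    gate.confirm(token, channel="chat")  # a chat reply is not treated as consent
    return gate.executed
```

With the sticky setting the boiler call stays held until it is confirmed through the dialog channel; with per-turn taint it runs on the second turn.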

Via Wired
