Rita El Khoury / Android Authority
TL;DR Researchers found a way to hide malicious instructions within a normal Google Calendar invite that Gemini can unknowingly execute.
When users asked Gemini about their schedule, it could be tricked into summarizing their private meetings and leaking that data into a new event.
Google was duly notified and has added new protections, but the issue highlights how AI features can be abused through natural language.
Google recently made Gemini a lot more useful by letting it work across multiple Calendars, not just your primary one. You can now ask about events or create new meetings across secondary calendars using natural language. But just as that update rolled out, security researchers shared a worrying new finding about how Gemini can be exploited to access someone’s private and confidential Calendar information.
Don’t want to miss the best from Android Authority? Set us as a favorite source in Google Discover to never miss our latest exclusive reports, expert analysis, and much more.
to never miss our latest exclusive reports, expert analysis, and much more. You can also set us as a preferred source in Google Search by clicking the button below.
Researchers at Miggo Security (via BleepingComputer) discovered a way to abuse Gemini’s deep integration with Google Calendar to access private calendar data using nothing more than a calendar invite.
How does it work?
Rita El Khoury / Android Authority
... continue reading