Maria Diaz/ZDNET
ZDNET's key takeaways
Researchers demonstrated a way to hack Google Home devices via Gemini.
Google put additional safeguards in place for Gemini in response.
Keeping your devices up-to-date on security patches is the best protection.
The idea that artificial intelligence (AI) could be used to maliciously control your home and life is one of the main reasons why many are reluctant to adopt the new technology -- it's downright scary. Almost as scary as having your smart devices hacked. What if I told you some researchers just accomplished that?
Also: Why AI-powered security tools are your secret weapon against tomorrow's attacks
Cybersecurity researchers from multiple institutions demonstrated a major vulnerability in Google's popular AI model, Gemini. They launched a controlled, indirect prompt injection attack -- aka promptware -- to trick Gemini into controlling smart home devices, like turning on a boiler and opening shutters. This is a demonstration of an AI system causing real-world, physical actions through a digital hijack.
How the attack worked
A group of researchers from Tel Aviv University, Technion, and SafeBreach created a project called "Invitation is all you need." They embedded malicious instructions into Google Calendar invites, and when users asked Gemini to "summarize my calendar," the AI assistant triggered pre-programmed actions, including controlling smart home devices without the users' asking.
... continue reading