Not so smart anymore - researchers hack into a Gemini-powered smart home by hijacking...Google Calendar?

Date:
Sun, 10 Aug 2025 19:51:00 +0000

Description:
Fake Google Calendar event used to trick Gemini into controlling smart
devices, exposing a major AI vulnerability.

FULL STORY

The promise of AI-integrated homes has long included convenience, automation, and efficiency, however, a new study from researchers at Tel Aviv University has exposed a more unsettling reality.

In what may be the first known real-world example of a successful AI prompt-injection attack, the team manipulated a Gemini-powered smart home
using nothing more than a compromised Google Calendar entry.

The attack exploited Geminis integration with the entire Google ecosystem, particularly its ability to access calendar events, interpret natural
language prompts, and control connected smart devices.

From scheduling to sabotage: exploiting everyday AI access

Gemini, though limited in autonomy, has enough agentic capabilities to
execute commands on smart home systems.

That connectivity became a liability when the researchers inserted malicious instructions into a calendar appointment, masked as a regular event.

When the user later asked Gemini to summarize their schedule, it
inadvertently triggered the hidden instructions.

The embedded command included instructions for Gemini to act as a Google Home agent, lying dormant until a common phrase like thanks or sure was typed by
the user.

At that point, Gemini activated smart devices such as lights, shutters, and even a boiler, none of which the user had authorized at that moment.

These delayed triggers were particularly effective in bypassing existing defenses and confusing the source of the actions.

This method, dubbed promptware, raises serious concerns about how AI
interfaces interpret user input and external data.

The researchers argue that such prompt-injection attacks represent a growing class of threats that blend social engineering with automation.

They demonstrated that this technique could go far beyond controlling
devices.

It could also be used to delete appointments, send spam, or open malicious websites, steps that could lead directly to identity theft or malware infection.

The research team coordinated with Google to disclose the vulnerability, and
in response, the company accelerated the rollout of new protections against prompt-injection attacks, including added scrutiny for calendar events and extra confirmations for sensitive actions.

Still, questions remain about how scalable these fixes are, especially as Gemini and other AI systems gain more control over personal data and devices.

Unfortunately, traditional security suites and firewall protection are not designed for this kind of attack vector.

To stay safe, users should limit what AI tools and assistants like Gemini can access, especially calendars and smart home controls.

Also, avoid storing sensitive or complex instructions in calendar events, and dont allow AI to act on them without oversight.

Be alert to unusual behavior from smart devices and disconnect access if anything seems off.

Via Wired

======================================================================
Link to news story: https://www.techradar.com/pro/security/not-so-smart-anymore-researchers-hack-i nto-a-gemini-powered-smart-home-by-hijacking-google-calendar

$$
--- SBBSecho 3.28-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)