TZUTC: -0500
MSGID: 1341.consprcy@1:2320/105 2cfe5dd9
PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
FORMAT: flowed
Not so smart anymore - researchers hack into a Gemini-powered smart home by
hijacking...Google Calendar?

Date:
Sun, 10 Aug 2025 19:51:00 +0000

Description:
Fake Google Calendar event used to trick Gemini into controlling smart
devices, exposing a major AI vulnerability.

FULL STORY

The promise of AI-integrated homes has long included convenience, automation,
and efficiency, however, a new study from researchers at Tel Aviv University
has exposed a more unsettling reality. 

In what may be the first known real-world example of a successful AI
prompt-injection attack, the team manipulated a Gemini-powered smart home
using nothing more than a compromised Google Calendar entry. 

The attack exploited Geminis integration with the entire Google ecosystem,
particularly its ability to access calendar events, interpret natural 
language prompts, and control connected smart devices.

From scheduling to sabotage: exploiting everyday AI access

Gemini, though limited in autonomy, has enough agentic capabilities to 
execute commands on smart home systems. 

That connectivity became a liability when the researchers inserted malicious
instructions into a calendar appointment, masked as a regular event. 

When the user later asked Gemini to summarize their schedule, it 
inadvertently triggered the hidden instructions. 

The embedded command included instructions for Gemini to act as a Google Home
agent, lying dormant until a common phrase like thanks or sure was typed by
the user. 

At that point, Gemini activated smart devices such as lights, shutters, and
even a boiler, none of which the user had authorized at that moment. 

These delayed triggers were particularly effective in bypassing existing
defenses and confusing the source of the actions. 

This method, dubbed promptware, raises serious concerns about how AI
interfaces interpret user input and external data. 

The researchers argue that such prompt-injection attacks represent a growing
class of threats that blend social engineering with automation. 

They demonstrated that this technique could go far beyond controlling 
devices. 

It could also be used to delete appointments, send spam, or open malicious
websites, steps that could lead directly to identity theft or malware
infection. 

The research team coordinated with Google to disclose the vulnerability, and
in response, the company accelerated the rollout of new protections against
prompt-injection attacks, including added scrutiny for calendar events and
extra confirmations for sensitive actions. 

Still, questions remain about how scalable these fixes are, especially as
Gemini and other AI systems gain more control over personal data and devices. 

Unfortunately, traditional security suites and firewall protection are not
designed for this kind of attack vector. 

To stay safe, users should limit what AI tools and assistants like Gemini can
access, especially calendars and smart home controls. 

Also, avoid storing sensitive or complex instructions in calendar events, and
dont allow AI to act on them without oversight. 

Be alert to unusual behavior from smart devices and disconnect access if
anything seems off. 

Via Wired

======================================================================
Link to news story:
https://www.techradar.com/pro/security/not-so-smart-anymore-researchers-hack-i
nto-a-gemini-powered-smart-home-by-hijacking-google-calendar

$$
--- SBBSecho 3.28-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30
SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664
SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35
PATH: 2320/105 229/426