- Researchers showed how a poisoned calendar invite could hijack Gemini and control smart home devices.
- The attack used indirect prompt injection to trigger actions like opening windows, turning off lights, and starting Zoom calls.
- Google says the specific flaws have been fixed, but experts warn similar AI vulnerabilities remain a serious risk.
I don’t own smart home devices, mainly because I’ve never felt the need. However, I didn’t expect my reluctance might one day be vindicated by the possibility that a rogue calendar invite could make those devices turn against me. But that’s exactly the kind of scenario that has been demonstrated, using Google’s Gemini to remotely control lights, windows, and even a boiler via a single poisoned calendar invite.
At the Black Hat security conference this week, a group of researchers from Tel Aviv University, Technion, and SafeBreach showed how they were able to hijack Gemini using what’s known as an indirect prompt injection. As reported by Wired, they embedded hidden instructions into a Google Calendar event, which Gemini then processed when asked to summarize the user’s week. From there, a few simple phrases like “thanks” were enough to trigger smart home actions without the user previously realizing anything was off.