TZUTC: -0500   
   MSGID: 1341.consprcy@1:2320/105 2cfe5dd9   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   Not so smart anymore - researchers hack into a Gemini-powered smart home by   
   hijacking...Google Calendar?   
      
   Date:   
   Sun, 10 Aug 2025 19:51:00 +0000   
      
   Description:   
   Fake Google Calendar event used to trick Gemini into controlling smart   
   devices, exposing a major AI vulnerability.   
      
   FULL STORY   
      
   The promise of AI-integrated homes has long included convenience, automation,   
   and efficiency, however, a new study from researchers at Tel Aviv University   
   has exposed a more unsettling reality.    
      
   In what may be the first known real-world example of a successful AI   
   prompt-injection attack, the team manipulated a Gemini-powered smart home   
   using nothing more than a compromised Google Calendar entry.    
      
   The attack exploited Geminis integration with the entire Google ecosystem,   
   particularly its ability to access calendar events, interpret natural    
   language prompts, and control connected smart devices.   
      
   From scheduling to sabotage: exploiting everyday AI access   
      
   Gemini, though limited in autonomy, has enough agentic capabilities to    
   execute commands on smart home systems.    
      
   That connectivity became a liability when the researchers inserted malicious   
   instructions into a calendar appointment, masked as a regular event.    
      
   When the user later asked Gemini to summarize their schedule, it    
   inadvertently triggered the hidden instructions.    
      
   The embedded command included instructions for Gemini to act as a Google Home   
   agent, lying dormant until a common phrase like thanks or sure was typed by   
   the user.    
      
   At that point, Gemini activated smart devices such as lights, shutters, and   
   even a boiler, none of which the user had authorized at that moment.    
      
   These delayed triggers were particularly effective in bypassing existing   
   defenses and confusing the source of the actions.    
      
   This method, dubbed promptware, raises serious concerns about how AI   
   interfaces interpret user input and external data.    
      
   The researchers argue that such prompt-injection attacks represent a growing   
   class of threats that blend social engineering with automation.    
      
   They demonstrated that this technique could go far beyond controlling    
   devices.    
      
   It could also be used to delete appointments, send spam, or open malicious   
   websites, steps that could lead directly to identity theft or malware   
   infection.    
      
   The research team coordinated with Google to disclose the vulnerability, and   
   in response, the company accelerated the rollout of new protections against   
   prompt-injection attacks, including added scrutiny for calendar events and   
   extra confirmations for sensitive actions.    
      
   Still, questions remain about how scalable these fixes are, especially as   
   Gemini and other AI systems gain more control over personal data and devices.    
      
   Unfortunately, traditional security suites and firewall protection are not   
   designed for this kind of attack vector.    
      
   To stay safe, users should limit what AI tools and assistants like Gemini can   
   access, especially calendars and smart home controls.    
      
   Also, avoid storing sensitive or complex instructions in calendar events, and   
   dont allow AI to act on them without oversight.    
      
   Be alert to unusual behavior from smart devices and disconnect access if   
   anything seems off.    
      
   Via Wired   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/not-so-smart-anymore-researchers-hack-i   
   nto-a-gemini-powered-smart-home-by-hijacking-google-calendar   
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426