- Experts warn that a single calendar entry can silently hijack your smart home without your knowledge
- The researchers showed that AI can be hacked to control smart homes using only words
- Saying “thank you” triggered Gemini to turn on the lights and boil water automatically
The promise of AI-integrated homes has long included convenience, automation and efficiency; however, a new study by researchers from Tel Aviv University has exposed a more disturbing reality.
In what may be the first known real-world example of a successful prompt injection attack, the team manipulated a Gemini-powered smart home using nothing more than a compromised Google Calendar entry.
The attack exploited Gemini's integration with the entire Google ecosystem, particularly its ability to access calendar events, interpret natural-language prompts and control connected smart devices.
From scheduling to sabotage: exploiting everyday AI access
Gemini, although limited in autonomy, has enough “agentic capabilities” to execute commands in smart home systems.
This connectivity became a liability when the researchers inserted malicious instructions into a calendar appointment, disguised as a regular event.
When the user later asked Gemini to summarize their schedule, they inadvertently activated the hidden instructions.
The embedded command included instructions for Gemini to act as a Google Home agent, which lay dormant until the user typed a common phrase such as “thanks” or “sure.”
At that point, Gemini activated smart devices such as lights, blinds and even a boiler, none of which the user had authorized at that moment.
These delayed triggers were particularly effective at evading existing defenses and obscuring the source of the actions.
This method, dubbed “promptware”, raises serious concerns about how AI interfaces interpret user input and external data.
Researchers argue that such prompt injection attacks represent a growing class of threats that combine social engineering with automation.
They showed that this technique could go far beyond controlling devices.
It could also be used to delete appointments, send spam or open malicious websites, steps that could lead directly to identity theft or malware infection.
The research team coordinated with Google to disclose the vulnerability and, in response, the company accelerated the launch of new protections against prompt injection attacks, including additional scrutiny for calendar events and additional confirmations for sensitive actions.
Even so, questions remain about how scalable these fixes are, especially as Gemini and other AI systems gain more control over personal data and devices.
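The delayed trigger and the “additional confirmations for sensitive actions” described above can be pictured with the following added example, which is not Google's implementation or code from the research. The tool names, the `Session` class and the taint rule are hypothetical: once third-party text such as a calendar entry has entered the assistant's context, a sensitive tool call is held until the user approves that exact action through a separate confirmation step, so a chat reply like “thanks” cannot release it.

```python
from dataclasses import dataclass, field

# Hypothetical tool names; the article lists device control, deleting
# appointments, sending spam and opening websites as abused actions.
SENSITIVE = {"home.set_device", "calendar.delete_event", "mail.send", "browser.open"}
UNTRUSTED_SOURCES = {"calendar.read", "mail.read", "web.fetch"}

def _key(tool: str, args: dict) -> tuple:
    """Stable identity for one concrete call (tool plus exact arguments)."""
    return (tool, tuple(sorted(args.items())))

@dataclass
class Session:
    tainted_by: list = field(default_factory=list)  # untrusted sources read so far
    approved: set = field(default_factory=set)      # calls confirmed out of band

    def record_tool_result(self, tool: str) -> None:
        """Mark the context as tainted once third-party text enters it."""
        if tool in UNTRUSTED_SOURCES:
            self.tainted_by.append(tool)

    def approve(self, tool: str, args: dict) -> None:
        """Called by a confirmation UI, never derived from chat text."""
        self.approved.add(_key(tool, args))

    def gate(self, tool: str, args: dict) -> str:
        """Decide what happens to a tool call proposed by the model."""
        if tool not in SENSITIVE or not self.tainted_by:
            return "allow"
        if _key(tool, args) in self.approved:
            self.approved.discard(_key(tool, args))  # approval is single use
            return "allow"
        return "confirm"

def demo() -> list:
    s = Session()
    s.record_tool_result("calendar.read")   # user asked for a schedule summary
    call = ("home.set_device", {"device": "boiler", "state": "on"})
    results = [s.gate(*call)]               # proposed after the user typed "thanks"
    s.approve(*call)                        # user confirms this exact action
    results.append(s.gate(*call))
    results.append(s.gate(*call))           # a later identical call is held again
    results.append(s.gate("calendar.read", {}))  # non-sensitive reads pass
    return results
```

The taint flag never clears within a session, which matches the delayed-trigger behaviour: the hidden instruction can fire many turns after the calendar was read.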
Unfortunately, traditional security suites and firewall protection are not designed for this type of attack vector.
To stay safe, users should limit what AI tools and assistants such as Gemini can access, especially calendars and smart home controls.
In addition, avoid storing sensitive or complex instructions in calendar events, and do not allow AI to act on them without supervision.
Be alert to unusual behavior from smart devices and disconnect access if something seems off.
Via Wired