
Gmail's AI email summaries can be hacked to redirect users to phishing sites
According to Mozilla's GenAI Bug Bounty Programs Manager, Marco Figueroa, a security researcher demonstrated how a prompt injection vulnerability in Google Gemini for Workspace allowed hackers to 'hide malicious instructions inside an email', which were activated when users clicked on the 'Summarize this email' option in Gmail.
The process involved threat actors creating an email with invisible instructions for Gemini that were hidden in the body at the end of the message using HTML and CSS by setting the font size to zero and changing the text colour to white.
As there are no attachments in these emails, the message is highly likely to bypass Google's spam filters and reach the target's inbox. When the recipient opened their email and asked Gemini to generate a summarised version of the email, the AI tool was found to obey these hidden instructions.
These malicious instructions caused Gmail to show a phishing warning that looked like it came from Google itself. Because the warning appears to come from Gemini itself, many users won't think twice about it, which is what makes the exploit very dangerous.
Figueroa also shares some ways in which these injection prompts can be detected and dealt with. One way is that Gemini can either remove or ignore the content hidden in the body text. Alternatively, Google can also use a post-processing filter that scans Gemini's output for things like urgent messages, phone numbers and URLs and flags them for further review.
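Both mitigations above can be sketched in a few lines. This is an added example, not Google's or Figueroa's code: `split_email` drops text styled with zero font size or white colour before it would reach a summariser, and `flag_summary` is the post-processing check on the output. All names, patterns and the sample email are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

VOID = {"br", "img", "hr", "meta", "input", "link", "wbr"}
# Inline styles the article names: zero font size and white text (heuristic).
HIDDEN_STYLE = re.compile(
    r"font-size\s*:\s*0(?:\.0+)?(?:px|pt|em|rem|%)?\s*(?:;|$)"
    r"|(?<![-\w])color\s*:\s*(?:white|#fff(?:fff)?)\b", re.I)

class VisibleText(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []                     # (tag, hidden?) per open element
        self.visible, self.hidden = [], []
    def handle_starttag(self, tag, attrs):
        if tag not in VOID:                 # void elements never get an end tag
            hidden = bool(HIDDEN_STYLE.search(dict(attrs).get("style") or ""))
            inherited = bool(self.stack) and self.stack[-1][1]
            self.stack.append((tag, hidden or inherited))
    def handle_endtag(self, tag):
        # Pop back to the matching open tag; stray end tags change nothing,
        # so they cannot be used to "un-hide" the text that follows them.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break
    def handle_data(self, data):
        if data.strip():
            hidden = bool(self.stack) and self.stack[-1][1]
            (self.hidden if hidden else self.visible).append(data.strip())

def split_email(html):
    """Return (visible_text, hidden_text); only visible_text goes to the model."""
    parser = VisibleText()
    parser.feed(html)
    parser.close()
    return " ".join(parser.visible), " ".join(parser.hidden)

CHECKS = {  # post-processing filter over the generated summary
    "url": re.compile(r"https?://\S+|www\.\S+", re.I),
    "phone": re.compile(r"\+?\d[\d\s().-]{7,}\d"),
    "urgent": re.compile(r"\b(urgent|immediately|compromised|call now)\b", re.I),
}

def flag_summary(summary):
    """Return the reasons a summary should be held for review."""
    return [name for name, rx in CHECKS.items() if rx.search(summary)]

SAMPLE = ('<div><p>Hi team, the Q3 planning meeting moves to Thursday.</p>'  # constructed
          '<span style="font-size:0px;color:#ffffff">HIDDEN-INSTRUCTION-PLACEHOLDER</span></div>')
```

A non-empty `hidden_text` is itself a useful signal to log, since ordinary mail rarely carries zero-size text. Styles applied through classes or `<style>` blocks are outside what this inline-style check sees.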
When BleepingComputer asked Google about the security exploit and how it plans to prevent such attacks, a company spokesperson said that some mitigations were in place and others were being implemented. The tech giant also said that, as of now, there are no hackers using this trick in real-world attacks, but the research does show that it's possible to do so.
Google may be very good at finding and fixing such security loopholes, but threat actors are usually known for thinking one step ahead. We suggest that users not blindly trust any AI-generated email summaries and check links and emails before clicking on them.
