
Google Calendar bug uses Gemini to take over smart home devices and steal user data
As reported by Bleeping Computer, a maliciously crafted invite within Google Calendar can remotely take over Gemini agents without any user involvement beyond typical day-to-day interaction with the assistant.
The security researchers at SafeBreach, who demonstrated this attack in a report, were able to send a calendar invite with a prompt injection hidden in the event title, which let them exfiltrate a variety of user data such as email content and Calendar information. They were also able to track the victim's location, control smart home devices (using Google Home), open apps on Android and trigger Zoom calls.
The researchers noted that the attack did not require white-box model access and was not blocked by Gemini's protection measures or by prompt filtering. Instead, the attack begins with a malicious Google Calendar event invite sent to the victim, which includes an event title containing an indirect prompt injection. The victim then only needs to interact with Gemini as they typically would, such as asking 'What are my calendar events today?', which causes the AI chatbot to pull a list of events from the Calendar – including the malicious event title embedded by the attacker.
The title then becomes part of Gemini's context window, and the assistant treats it as part of the conversation because it is unable to recognize that the instruction is malicious. Depending on what the instruction is, it could cause a number of different prompts to be executed: editing or removing events in Google Calendar entirely, opening URLs to retrieve the victim's IP address, joining a Zoom call, using Google Home to control devices, or accessing emails and leaking user data.
However, it could take up to six calendar invites for this attack to work, with the malicious prompt included only in the last invite. This is because the Calendar events section displays only the five most recent events; the rest fall under the 'Show more' button. Gemini will parse them all – including the malicious one – when instructed to. Additionally, the victim will not see the malicious event title or realize there has been a compromise unless they expand the events list by clicking 'Show more.'
Gemini, Google's LLM (large language model) assistant, is integrated into Android, Google web services and Google's Workspace apps, so it has access to Gmail, Calendar and Google Home. These attacks are a downside of that broad access and reach: the assistant's usefulness comes from its ability to reach across tools, but the same reach works against it in an attack of this kind. Google has already issued a fix and has credited the team of researchers and their efforts.
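The attack path described above depends on attacker-written event titles entering the assistant's context in the same turn in which it can call tools. The sketch below is an added example, not Google's fix or SafeBreach's code: it marks titles from external organizers as untrusted and holds sensitive tool calls for user confirmation in any turn that loaded one. The tool names, the organizer-based trust rule and the event ordering are assumptions made for illustration.

```python
from dataclasses import dataclass, field

VISIBLE_EVENTS = 5  # per the article: five events shown, the rest under 'Show more'
# Hypothetical tool names standing in for the action classes the article lists.
SENSITIVE_TOOLS = {"calendar.edit_event", "calendar.delete_event", "browser.open_url",
                   "zoom.join_call", "home.control_device", "gmail.read"}

@dataclass
class Event:
    title: str
    organizer: str

@dataclass
class Turn:
    """One assistant turn; records whether externally written text entered the context."""
    user_email: str
    tainted_by: list = field(default_factory=list)

    def load_events(self, events):
        """Return events as data-only context entries and note every external title."""
        context = []
        for i, ev in enumerate(events):
            external = ev.organizer != self.user_email  # assumed trust rule
            if external:
                self.tainted_by.append({"index": i, "organizer": ev.organizer,
                                        "hidden_in_ui": i >= VISIBLE_EVENTS})
            context.append({"role": "data", "untrusted": external, "text": ev.title})
        return context

    def authorize(self, tool, user_confirmed=False):
        """Sensitive tools in a tainted turn need explicit user confirmation."""
        if tool not in SENSITIVE_TOOLS or not self.tainted_by:
            return "allow"
        return "allow" if user_confirmed else "needs_confirmation"

# Constructed sample: five of the user's own events, then a sixth external invite
# whose title is a placeholder for instruction-like text (no payload reproduced).
SAMPLE = [Event(f"Team sync {n}", "victim@example.com") for n in range(1, 6)]
SAMPLE.append(Event("[constructed: instruction-like text aimed at the assistant]",
                    "outsider@example.net"))

def demo():
    turn = Turn("victim@example.com")
    turn.load_events(SAMPLE)
    return (turn.tainted_by, turn.authorize("home.control_device"),
            turn.authorize("calendar.list_events"))

if __name__ == "__main__":
    print(demo())
```

The `hidden_in_ui` flag gives the confirmation prompt something concrete to show the user: the triggering title is one they could not have seen without clicking 'Show more'.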