
Latest news with #StavCohen

Researchers Seize Control of Smart Homes With Malicious Gemini AI Prompts

CNET

6 days ago


Recent reports and demonstrations from the Black Hat computer-security conference have shown how outside Gemini AI prompts -- dubbed promptware -- could fool the AI and force it to control Google Home-connected smart devices. That's an issue for Google, which has been working to add Gemini features to its Google Home app and replace Google Assistant with the new AI helper.

The secret to these serious vulnerabilities is how Gemini is designed to respond to basic commands in English. Demonstrations show how a prompt sneakily added to an inserted Google Calendar invite will be read by Gemini the same way it scans other Google app data, such as when it is summarizing emails. But in this case, the addition gives Gemini a very specific order, like creating an agent to control everyday devices from Google Home.

The Tel Aviv University researchers, including Ben Nassi, Stav Cohen and Or Yair, have created their own website that showcases their report, "Invitation is All You Need." It includes videos showing how the right Gemini prompts could be used to open windows, turn off lights, turn on a boiler, or geolocate the current user.

As the Invitation is All You Need research shows, a detailed prompt can be hidden in an innocuous Calendar invite title or similar spot. These commands can make Gemini create a hidden agent and wait for a common response (like saying "thank you" in an email) to trigger certain actions. Even if your calendar controls are tight, some of these promptware attacks could be performed through other things that Gemini scans, such as an email subject line.

Other demonstrations showed how similar commands could lead to spam messages, deleted events, automatic Zoom streaming and more unpleasant tricks.

Should you worry about your Google Home devices?

Google told CNET they have introduced multiple fixes to address the promptware vulnerabilities since the researchers provided Google with their report in February 2015. That's the point of the Black Hat conferences -- to uncover problems before real cybercriminals seize them, and get the fixes in fast.

Andy Wen, senior director of security product management at Google Workspace, told CNET, "We fixed this issue before it could be exploited thanks to the great work and responsible disclosure by Ben Nassi and team. Their research helped us better understand novel attack pathways, and accelerated our work to deploy new, cutting edge defenses which are now in place protecting users."

If you're still concerned, you can disable Gemini entirely in most cases. As I've covered before as CNET's home security editor, smart home hacking is very rare and very difficult with today's latest security measures. But as these new generative AIs get added to smart homes (the slowly rolling out Alexa Plus and eventual Siri AI upgrades included), there's a chance they could bring new vulnerabilities with them. Now, we're seeing how that actually works, and I'd like these AI features to get another security pass, ASAP.

What does the world's first AI worm mean for you?

Hindustan Times

07-06-2025

  • Science

The Creeper program is generally considered the world's first computer virus. Born as an experiment in 1971, it infected computers and slowed operations to a crawl. Reaper was the world's first antivirus, designed to destroy it. The battle has waged on ever since.

There was the Brain virus from 1986, which spread through floppy disks and flashed alarming messages of infection on home computers (while also slowing them down). Then came the Morris Worm, a self-replicating program created at Cornell University, as part of an unofficial experiment, in 1988. It swept the world, slowing computers down to such a degree that a single email could take days to send.

Fast-forward to 2024, and a new beast has emerged, from a joint experiment conducted by Cornell, the Technion-Israel Institute of Technology and the software company Intuit. Named Morris II, it is being called the world's first generative AI worm. The self-replicating bug has shown the ability to spread rapidly through AI-powered email, and target generative AI platforms such as ChatGPT and Google Gemini.

The way it creeps around is quite sinister. It essentially hides, somewhat like a shadow, in common chatbot and AI assistant prompts. When this prompt is issued by a generative AI model, and accepted by a user, it triggers a shadow instruction alongside. The shadow prompt may instruct the AI program to hand over data, alter code, or help the worm itself replicate. Additionally, any time such a prompt is used to create an email or other such output, the worm spreads seamlessly to every recipient of that content.

Morris II isn't out there prowling yet. Researchers Ben Nassi, Stav Cohen and Ron Bitton created it in a controlled environment for the same reason many of their predecessors did this: to highlight levels of risk, and raise an alarm. The really alarming thing, this time around, is that the worm may wreak its damage invisibly, without the user ever knowing it was there. It could also potentially 'learn' as it goes, finding new ways to infiltrate systems, and evade detection.

In a report released in April, cyber-security company Check Point Software has already noted that AI-driven malware could exploit vulnerabilities in real time, making traditional signature-based antivirus tools nearly obsolete.

This cat-and-mouse game isn't new. Traditional worms such as WannaCry, the ransomware that first appeared in 2017, cost billions in damages across hospitals, banks and governments, in this way. But AI raises the stakes.

Track and shield

Unsurprisingly, security firms are already racing to harness AI to outsmart AI. Amid this race, consultancy firm McKinsey estimates that cybersecurity solutions, which companies around the world spent about $150 billion on in 2021, could soon be a market worth as much as $2 trillion.

Among the weapons emerging on the good side, in this battle, are virtual private networks or VPNs. In addition to anonymising a user's web-browsing data and providing a layer of security for information sent and received, companies such as ExpressVPN, Proton and Nord are evolving to offer clients solutions that will protect not just smartphones and computing devices but also smart TVs, appliances and home systems. ExpressVPN, for instance, rolled out an 'AI shield' late last year that uses artificial intelligence to predict and neutralise zero-day exploits (which is when a new bug or vulnerability in a system is exploited, in the hours before it is fixed).

Traditional antivirus companies are responding to the shifting landscape too. Market leaders such as McAfee and Norton are working to provide advanced AI-led protection against AI-led threats, with a special focus on text messages, phone calls, email and web browser use.

We aren't at the point of dos and don'ts yet. It is still unclear what the threats may look like. But watch this space. It will pay to know all you can. Because this time, it may not even take a click from you to change your world.
