Researchers Seize Control of Smart Homes With Malicious Gemini AI Prompts
A recent demonstration at the Black Hat computer-security conference has shown that outside Gemini AI prompts, dubbed "promptware," can be used to take control of Google Home-connected smart devices. This alarming discovery raises concerns for Google, which is working to add Gemini features to its Google Home app and replace Google Assistant with the new AI helper.
The secret to these vulnerabilities lies in how Gemini is designed to respond to basic commands in English. Researchers from Tel Aviv University, including Ben Nassi, Stav Cohen, and Or Yair, have created a website that showcases their report, titled "Invitation is All You Need." The website includes videos showing how the right Gemini prompts could be used to open windows, turn off lights, turn on a boiler, or geolocate the current user.
The researchers discovered that a detailed prompt can be hidden in an innocuous Calendar invite title or similar spot. These commands can make Gemini create a hidden agent and wait for a common response (like saying "thank you" in an email) to trigger certain actions. Even if your calendar controls are tight, some of these promptware attacks could be performed through other things that Gemini scans, such as an email subject line.
Other demonstrations showed how similar commands could lead to spam messages, deleted events, automatic Zoom streaming, and more unpleasant tricks. Should you worry about your Google Home devices? According to Google, it has introduced multiple fixes to address the promptware vulnerabilities since the researchers provided Google with their report in February.
"We fixed this issue before it could be exploited thanks to the great work and responsible disclosure by Ben Nassi and team," said Andy Wen, senior director of security product management at Google Workspace. "Their research helped us better understand novel attack pathways, and accelerated our work to deploy new, cutting-edge defenses which are now in place protecting users."
If you're still concerned, you can disable Gemini entirely in most cases. Smart home hacking is relatively rare and difficult with today's latest security measures. However, as these new generative AIs get added to smart homes (the slowly rolling out Alexa Plus and eventual Siri AI upgrades included), there's a chance they could bring new vulnerabilities with them.
As these AI features are integrated into smart homes, it's essential to ensure their security is prioritized. We hope that Google will continue to work on strengthening the defenses of its AI-powered smart home devices and provide users with peace of mind as they welcome these innovative technologies into their homes.