Cybersecurity researchers have revealed a security vulnerability within Google Gemini that exploits indirect prompt injection to bypass authorization measures and extract data from Google Calendar.
According to Liad Eliyahu, Head of Research at Miggo Security, this vulnerability enables attackers to circumvent privacy settings on Google Calendar by embedding a malicious payload within seemingly innocent calendar invites. This method allows them to access private meeting details and create fake calendar events without any user interaction.
The attack begins when a malicious actor crafts a calendar event and sends it to a target. The event’s description includes a natural language prompt intended to manipulate Google Gemini. When the target queries Gemini with an innocuous question about their meetings, the AI processes the crafted prompt, generating a summary of the user’s schedule while secretly creating a new calendar event that may reveal private data back to the attacker.
Eliyahu highlighted that many enterprise calendar configurations would allow the attacker to view the newly created event, hence accessing the exfiltrated private information without any action from the target.
This issue has been addressed following responsible disclosure; however, it raises concerns about how the evolving capabilities of AI can increase the attack surface and introduce new security vulnerabilities. Eliyahu noted that vulnerabilities now extend beyond just the code; they exist within language, context, and AI behaviors at runtime.
The announcement came shortly after Varonis disclosed a similar attack, named Reprompt, which could enable adversaries to exfiltrate sensitive information from AI chatbots like Microsoft Copilot with a single click, effectively bypassing security controls.
The findings underscore the importance of continuously assessing large language models for various safety and security aspects, including their susceptibility to hallucinations, biases, and traditional vulnerabilities. This is crucial as recent vulnerabilities have been identified across multiple AI systems, emphasizing the need for robust auditing and security measures.
For example, the Schwarz Group’s XM Cyber reported new methods for escalating privileges within Google Cloud’s Vertex AI services. This vulnerability could allow attackers with minimal permissions to hijack high-privileged Service Agents, thus gaining unauthorized access to sensitive data and functionalities.
Additionally, several other vulnerabilities have emerged across different AI platforms, indicating an urgent need for organizations to thoroughly evaluate and secure AI systems from both traditional threats and those stemming from the unique nature of AI technologies.
Welcome to DediRock, your trusted partner in high-performance hosting solutions. At DediRock, we specialize in providing dedicated servers, VPS hosting, and cloud services tailored to meet the unique needs of businesses and individuals alike. Our mission is to deliver reliable, scalable, and secure hosting solutions that empower our clients to achieve their digital goals. With a commitment to exceptional customer support, cutting-edge technology, and robust infrastructure, DediRock stands out as a leader in the hosting industry. Join us and experience the difference that dedicated service and unwavering reliability can make for your online presence. Launch our website.