More from the article ...

... New research demonstrates how generative AI models like Google's Gemini can be manipulated to control real-world devices. The attack, developed by Ben Nassi from Tel Aviv University, Stav Cohen from Technion, and Or Yair from SafeBreach, uses a technique known as indirect prompt injection.

The attack involves placing hidden commands inside calendar invites. When a user asks Gemini to summarize scheduled events, it processes the prompts without realizing they could be harmful. This triggers actions like opening smart window shutters, switching off lights, or activating a boiler.

The AI isn't given these commands directly; the prompts are hidden in events it pulls context from. The devices can also be triggered when users say common words like "thanks" in response to the AI, according to Wired.

Fourteen different attacks were developed as part of the research, named "Invitation Is All You Need." Other methods are: using Gemini to start Zoom calls, send spam, read browser content, and delete calendar events. In one case, Gemini read abusive messages drawn from a prompt injection designed to shock the user. ...