
Google Gemini flaw allowed meeting data exposure

Miggo Security researchers found that a recently patched flaw in Google Gemini allowed attackers to gain unauthorized access to private calendar meeting data through indirect prompt injection, SiliconANGLE reports.

Threat actors could exploit the vulnerability, which stems from Gemini's integration with Google Calendar, by embedding a carefully worded but dormant prompt in a calendar invite's description field that orders Gemini to summarize meetings, create a new event, and store the summary in that event's description, according to the report. A user's inquiry to Gemini about their schedule triggers the prompt: Gemini processes all relevant calendar entries, follows the hidden instruction, and creates a new calendar event containing summaries of private meetings. Google confirmed the findings and said the vulnerability has been fixed.

"Effective protection will require runtime systems that reason about semantics, attribute intent and track data provenance. In other words, it must employ security controls that treat large language models as full application layers with privileges that must be carefully governed," the report concluded.
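As an added illustration of the provenance-and-privilege controls the report calls for (example code written for this article, not Google's or Miggo's), the mediation layer below sits between an assistant and its calendar tools: it labels each entry with its provenance from the organizer's address, quotes descriptions to the model as data rather than instructions, and authorizes tool calls outside the model so that a read-only schedule question can never grant a write. Tool names, the request-to-scope mapping and the sample entries are assumptions, not Gemini's real API.

```python
from dataclasses import dataclass

@dataclass
class CalendarEntry:
    title: str
    organizer: str      # address of whoever authored the invite (provenance source)
    description: str    # free text the organizer controls; never treated as instructions

@dataclass
class ToolCall:
    name: str
    args: dict

# Hypothetical tool names and request-to-scope mapping (assumed, not Gemini's real API).
WRITE_TOOLS = {"create_event", "update_event"}
SCOPE_FOR_REQUEST = {"summarize_schedule": "calendar.read", "create_event": "calendar.write"}

def provenance(entry: CalendarEntry, user_domain: str) -> str:
    """Entries authored outside the user's own domain are third-party data."""
    return "trusted" if entry.organizer.lower().endswith("@" + user_domain) else "untrusted"

def render_context(entries, user_domain: str) -> str:
    """Quote each entry as fenced, labelled data so descriptions read as content, not commands."""
    out = []
    for e in entries:
        out.append(f'<event provenance="{provenance(e, user_domain)}">')
        out.append(f"title: {e.title!r}")
        out.append(f"description: {e.description!r}")
        out.append("</event>")
    return "\n".join(out)

def authorize(call: ToolCall, request_kind: str, entries, user_domain: str):
    """Decide 'allow', 'deny' or 'confirm' for a model-proposed tool call.

    Enforced outside the model, so text hidden in an invite cannot widen the
    scope that the user's own request granted."""
    scope = SCOPE_FOR_REQUEST.get(request_kind, "none")
    if call.name in WRITE_TOOLS and scope != "calendar.write":
        return "deny", "write tool proposed under a read-only user request"
    if call.name in WRITE_TOOLS:
        untrusted = [e.title for e in entries if provenance(e, user_domain) == "untrusted"]
        if untrusted:
            return "confirm", f"write follows reading third-party content: {untrusted}"
    return "allow", "within granted scope"

# Constructed sample session: one internal meeting and one external invite.
ENTRIES = [
    CalendarEntry("Budget review", "alice@example.com", "Q3 numbers"),
    CalendarEntry("Vendor sync", "bob@vendor.test", "[constructed external invite text]"),
]
```

With these entries, a create_event call proposed while answering a schedule question is denied, and the same call under a genuine user write request still pauses for confirmation because third-party content was read first.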
