Threat actors could compromise Google Gemini for Workspace instances with the Google Calendar invite with the new Targeted Promptware attack involving indirect prompt injection, reports Hackread.
Malicious Google Calendar invitations with concealed prompts enabled not only the theft of private emails and discovery of users' locations but also the distribution of phishing emails, creation of harmful content, and removal of calendar events, as well as the activation of users' cameras via Zoom, a study by SafeBreach researchers showed. Multiple mobile apps, including those for managing smart home devices, could also be compromised with Targeted Promptware, said researchers, who noted that almost three-quarters of Promptware threats were high-critical risks that could also affect other artificial intelligence-based systems. Google, which has been notified about the attack in February, has already implemented more robust security mechanisms and improved prompt injection attack detection systems to mitigate the threat.
Malicious Google Calendar invitations with concealed prompts enabled not only the theft of private emails and discovery of users' locations but also the distribution of phishing emails, creation of harmful content, and removal of calendar events, as well as the activation of users' cameras via Zoom, a study by SafeBreach researchers showed. Multiple mobile apps, including those for managing smart home devices, could also be compromised with Targeted Promptware, said researchers, who noted that almost three-quarters of Promptware threats were high-critical risks that could also affect other artificial intelligence-based systems. Google, which has been notified about the attack in February, has already implemented more robust security mechanisms and improved prompt injection attack detection systems to mitigate the threat.
