Google Calendar invites let researchers hijack Gemini to leak user data www.bleepingcomputer.com/news/secu…
Google fixed a bug that allowed maliciously crafted Google Calendar invites to remotely take over Gemini agents running on the target’s device and leak sensitive user data.
The attack required no user involvement beyond the routine interactions with the assistant that Gemini users perform daily.
Gemini is Google’s large language model (LLM) assistant integrated into Android, Google web services, and Google Workspace apps, with access to Gmail, Calendar, and Google Home.
By sending a calendar invite with an embedded prompt injection, often hidden in the event title, attackers can potentially exfiltrate email content and Calendar information, track victim location, control smart home devices via Google Home, open apps on Android, and trigger Zoom video calls.