Smart home hacked using Gemini AI
A team of researchers from Tel Aviv University, Technion, and SafeBreach discovered a vulnerability in Gemini, Google’s artificial intelligence assistant, that allowed them to take control of smart home devices. The attack, known as an indirect prompt injection, involved inserting malicious commands into the description of a Google Calendar event. When the user asked Gemini to summarize their schedule, the AI would unknowingly execute these hidden instructions.
In a practical demonstration carried out in a controlled test environment, the researchers were able to turn lights on and off, raise blinds, and activate the boiler, all without direct user intervention. The attack, dubbed “Invitation is all you need”, is the first documented evidence showing how AI manipulation can trigger real-world physical actions from seemingly harmless data.
After the discovery, Google strengthened Gemini’s security by introducing filters to detect suspicious prompts, implementing tighter controls over calendar events, and requiring explicit confirmations before executing sensitive commands.
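The last of those mitigations, explicit confirmation before sensitive commands, can be expressed as a gate in front of the assistant's tool calls. This is an added example, not Google's implementation or the researchers' code; the tool names, the `Session` class and the trusted/untrusted flag are hypothetical, and the calendar text is a constructed sample.

```python
from dataclasses import dataclass, field

# Hypothetical tool names: actions that change something in the physical home.
SENSITIVE_TOOLS = {"lights.set", "blinds.set", "boiler.set"}

@dataclass(frozen=True)
class ToolCall:
    name: str
    arg: str

@dataclass
class Session:
    # Each context entry is (source, text, trusted); only the user's own
    # typed requests are trusted, anything fetched on their behalf is not.
    context: list = field(default_factory=list)
    pending: list = field(default_factory=list)   # awaiting user confirmation
    executed: list = field(default_factory=list)

    def add(self, source, text, trusted):
        self.context.append((source, text, trusted))

    def tainted(self):
        """True once any third-party content has entered the model context."""
        return any(not trusted for _, _, trusted in self.context)

    def request(self, call):
        """Gate a tool call proposed by the model."""
        if call.name in SENSITIVE_TOOLS and self.tainted():
            self.pending.append(call)          # hold it, do not run it
            return "needs_confirmation"
        self.executed.append(call)
        return "executed"

    def confirm(self, call, approved):
        """Apply the user's answer, collected in the UI and not from model text."""
        self.pending.remove(call)
        if approved:
            self.executed.append(call)
            return "executed"
        return "denied"

def demo():
    s = Session()
    s.add("user", "Summarize my schedule for today", True)
    # Constructed sample: an invite description written by a third party.
    s.add("calendar.event.description", "Team sync <text addressed to the assistant>", False)
    summary = s.request(ToolCall("calendar.summarize", "today"))
    boiler = ToolCall("boiler.set", "on")
    held = s.request(boiler)
    answer = s.confirm(boiler, approved=False)
    return summary, held, answer, [c.name for c in s.executed]
```

The gate keys on where the context came from, not on what the text says, so it still holds when a prompt filter misses the injected wording.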