Google fixes critical flaw that leaked calendar data

Google has fixed a critical vulnerability in its artificial intelligence, Gemini, that allowed unauthorized access to sensitive information from Google Calendar. This flaw, discovered by security researchers, used normal invites to conceal instructions that could be executed by the AI.

The vulnerability exploited the way Gemini interacts with calendar events, as it reads this data to answer users' questions, such as "What is on my schedule today?" Unlike typical flaws that rely on malicious code, this one enabled permissions through plain language.

How the vulnerability worked

Researchers investigated the integration between Gemini and Google Calendar after noticing that the AI had unrestricted access to event information. This integration could be manipulated by attackers with a simple approach.

The attack was carried out in three steps. First, a criminal would create a normal event and send an invitation to the victim. Then, in the event description field, they would hide a command that the AI would execute when responding to questions about the victim's schedule.

The disguised command allowed the execution of actions such as summarizing meetings and creating new events, utilizing Gemini's ability to act based on commands.

Silent data leakage

For the victim, the system seemed to function normally when responding that "it is a free hour," but the AI, in the background, was executing actions without consent. It summarized private meetings, including sensitive appointments, and created a new event that could be viewed by the attacker.

As a result, sensitive information could be accessed without the user noticing any issues, which poses a serious risk, especially in corporate environments.

New security challenge

This type of attack brings forth a new challenge for cybersecurity. While traditional applications seek to block evident malicious patterns, vulnerabilities in Large Language Models (LLMs) are subtler and often imperceptible.

The complexity arises from the fact that harmful commands can appear legitimate, making identification and mitigation difficult without affecting the normal use of the system.

Potential impact

With the increasing use of AI assistants in corporate tools, this vulnerability could become more common. A successful attack could compromise entire calendars, exposing sensitive information.

Experts warn that such exploitation could jeopardize critical corporate data, such as strategic plans and personal information of employees, all stemming from a simple calendar invitation.

Quick fix by Google

Google has already implemented fixes for the flaw after confirming the researchers' findings. The company conducted a thorough audit and found no evidence of further exploitation of the vulnerability by other actors.

Although additional protections have been put in place, Google chose not to disclose specific technical details to prevent new exploitation attempts.

For more technology and security news, follow Google's official channels and subscribe to specialized platforms.