To find flaws, the “pirates” do not lack imagination, like this simple calendar invitation, concocted like a Trojan horse, allowed them to deceive the Gemini of Google to take control of a connected house.
No wonder such news goes around the networks.
The authors of the breach are not pirates strictly speaking, but indeed IT experts or researchers, so no one has undergone data theft or damage.
A first in AI
For the first time, these researchers demonstrated how AI could be hacked to sow chaos in the real world, in the words of Wired.
The target, a new apartment in Tel Aviv where the lights connected to the Internet go out, the smart shutters that cover the four windows in the living room and the kitchen are starting to get up simultaneously. And a connected boiler is set up remotely. The residents of the apartment did not trigger any of these actions. They did not program their smart devices. In reality, they are victims of an attack.
Using a simple trapped calendar invitation
Each unexpected action is orchestrated by three security researchers who demonstrate a sophisticated diversion of Gemini. The attacks all start with an invitation from the Google trapped calendar, which contains instructions to activate home automation products on a later date. When the researchers then ask Gemini to summarize the upcoming events in their agenda for the week, these dormant instructions are triggered and the products activate.
Google
These controlled demonstrations mark, according to the researchers, the first time that a hacking of a generative AI system has consequences in the physical world, suggesting the ravages and the risks that attacks against large linguistic models (GML) could cause more and more connected and transform into agents capable of accomplishing tasks for humans.
Serious security issues
“The GMLs are about to be integrated into physical humanoids, in semi-autonomous and entirely autonomous cars, and we must really understand how to secure GML before integrating them into this type of machine, where, in some cases, the challenges will be security and not confidentiality,” explains Ben Nassi, researcher at the University of Tel Aviv.
During demonstrations revealed this week at the Black Hat cybersecurity conference in Las Vegas, the researchers showed how Gemini could be used to send links to rotten, generate vulgar content, open the Zoom application and launch a call, steal emails and meeting details from a web browser, and download a file from the web browser.
This shows how an AI system can be instrumentalized or used as a weapon by organizations, pirates or vowel states.
The officials at Google took the discoveries of researchers very seriously.
