- Google won’t fix Gemini ASCII smuggling bug, calling it a user-side social engineering issue
- Attackers hide malicious prompts in invisible email text Gemini reads during summary
- Gemini’s integration with workspace apps makes it vulnerable to immediate warning phishing attacks
A recently detected “ASCII smuggling attack” will not get a fix in Google’s Gemini AI tool, the company said, saying it is not a security issue but a social engineering tactic and as such the responsibility lies with the end user.
This is according to Viktor Markopoulos, a security researcher at Firetail, who demonstrated the risks these attacks pose to Gemini users, but was apparently fired by the company.
ASCII smuggling is a type of attack in which Crooks tricks victims into pushing his AI tool with a malicious command that puts their computers and data at risk. The trick works by “smuggling,” or hiding, the notice in plain sight, for example, by making the text the AI reads invisible to the human behind the screen.
Smuggling indicators
In the early years of AI, this was not a big problem, because the user needed to mention the AI tool and type (or copy/paste) the message itself. However, a lot has changed since then and many AI tools are now being integrated with other applications and platforms.
Gemini, for example, is now integrated with Google Workplace, being able to extract data from sheets, generate text in documents, and read and summarize emails.
This last point is crucial here. As Markopoulos demonstrated, a threat actor could send a phishing email that, on the surface, looks completely legitimate.
However, it also comes with a malicious notice written in Font 0, in white, on a white background, so the reader won’t even see it. But when the victim asks Gemini to summarize the email, the tool also reads the message and responds to it.
That warning could be displaying a message that says, “Your computer is compromised, call Google to mitigate the threat immediately,” or a similar message, standard for phishing tricks.
Even more ominous, the notice could force different AI agents to exfiltrate sensitive data from the inbox. All it takes is a simple, benign command from the user to summarize or read the content of the email.
Through BleepingComputer
Follow TechRadar on Google News and Add us as a preferred source To get our news, reviews and expert opinion in your feeds. Make sure you click the Force button!
And of course you can too Follow TechRadar on Tiktok For news, reviews, decryptions in video form and get regular updates from us on WhatsApp also.
