Vulnérabilité Gemini : Attaques par ‘Promptware’ Découvertes
Paris – 03 Mai 2024 – Des chercheurs de l’Université de Tel Aviv ont révélé une vulnérabilité critique dans l’assistant IA Gemini de Google. Cette faille,baptisée ‘Promptware’,permet à des cybercriminels d’intégrer des instructions malveillantes dans des fichiers apparemment inoffensifs,comme des emails ou des invitations de calendrier. L’exploitation de cette vulnérabilité Gemini pourrait donner aux attaquants un contrôle inquiétant sur les appareils connectés et les informations personnelles des utilisateurs.Découvrez comment cette nouvelle menace impacte votre sécurité numérique.
Summary of teh Article: Gemini AI Vulnerability – “Promptware” Attacks
This article details a security vulnerability discovered in Google’s Gemini AI assistant by researchers at Tel Aviv University. Here’s a breakdown:
The threat: “Promptware” Attacks. Cybercriminals can exploit Gemini by embedding malicious instructions (“prompts”) within seemingly harmless files like emails,calendar invitations,or shared documents.
How it effectively works: when a user asks Gemini to summarize or provide data about these compromised files, the hidden malicious prompt is activated.
Potential Consequences: This allows attackers to:
Control smart home devices (thermostats, lights, etc.)
Access personal information (emails, calendar events)
Track the victim’s location
Even remotely control devices like opening windows or initiating video streams – all without the user’s knowledge. Affected Platforms: Gemini on mobile apps, web interface, and Google Assistant are all vulnerable.
Severity: Researchers found 73% of the threats they analyzed to be high-risk.
Google’s Response: Google was alerted in February and has implemented “several defenses” to mitigate the issue.
* Researchers: Ben Nassi, Stav Cohen, and Yair from the University of Tel Aviv.
In essence, the article highlights a new and concerning attack vector where AI assistants can be compromised through cleverly disguised malicious instructions delivered via everyday digital communications.
