CYBERNEWSMEDIA Network:||
CYBERNEWSMEDIA
CYBERNEWSMEDIA

Cybersecurity News, Insights & Analysis

Latest
TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
AD · 970×250

Artificial Intelligence

Google Gemini Tricked Into Showing Phishing Message Hidden in Email

Google Gemini for Workspace can be tricked into displaying a phishing message when asked to summarize an email. The post Google Gemini Tricked Into Showing Phishing Message Hidden in Email appeared first on SecurityWeek.

AI hack

A researcher has found that Google Gemini for Workspace is affected by a prompt injection vulnerability that can be exploited to trick the AI assistant into displaying a phishing message.

The weakness was found by Marco Figueroa and reported through Mozilla’s 0Din bug bounty program, which focuses on gen-AI vulnerabilities.

The researcher’s hack involves sending the targeted user an email that, in addition to a benign lure text, contains a phishing message that is written with white font on a white background, making it invisible to the target. 

This phishing message, which needs to be wrapped inside <admin> tags, instructs Gemini to include the message at the end of its response.

When the target uses Gemini’s ‘summarize this email’ functionality to get a summary of the attacker’s email, in addition to a summary of the text visible to the victim, Gemini displays the phishing message. That is because Gemini prioritizes the text wrapped in <admin> tags and reproduces it verbatim. 

As an example, Figueroa created an email that would cause Gemini to display a message informing the victim that their Gmail password has been compromised, instructing them to call a phone number to reset the password. The attacker could then phish the victim’s credentials when they get the call. 

Google has been taking steps to mitigate prompt injection attacks and it recently summarized its work in this area. 

The company told SecurityWeek that it has not seen any evidence of this specific method being used in attacks.

“Defending against attacks impacting the industry, like prompt injections, has been a continued priority for us, and we’ve deployed numerous strong defenses to keep users safe, including safeguards to prevent harmful or misleading responses. We are constantly hardening our already robust defenses through red-teaming exercises that train our models to defend against these types of adversarial attacks,” a Google spokesperson said via email.

*updated with statement from Google

Related: Grok-4 Falls to a Jailbreak Two Days After Its Release

Related: ChatGPT Jailbreak: Researchers Bypass AI Safeguards Using Hexadecimal Encoding and Emojis

Related: New AI Jailbreak Bypasses Guardrails With Ease

Latest News

CYBERNEWSMEDIAPublisher