Danger of phishing attack on Gmail: Researcher warns, it could lead to big cyber fraud..
Google's AI chatbot Gemini in Gmail, which is used for features like summarizing emails and rewriting emails, is now facing a new cybersecurity challenge. A researcher has claimed that Gemini is vulnerable to prompt injection-based phishing attacks.
Mozilla's GenAI bug bounty program manager, Marco Figueroa, discovered this vulnerability and gave a demo of it on Mozilla's bug bounty platform "0din". No complex hacking technique is required to carry out this attack, but it can be done with just a simple text command. This is called prompt injection.
What is prompt injection?
This is a technique in which the input or instructions given to the AI are changed in such a way that it starts behaving unexpectedly or dangerously. In this case, the researcher wrote a long email and added some hidden text at the end of it. The prompt that misled Gemini was hidden in this text. The email did not contain any URL or attachment, so it easily reached the receiver's primary inbox.
How was the hidden text written?
The researcher wrote the text in white on a white background so that it is not visible to the user. Apart from this, other methods of writing hidden text, like zero font size, off-screen text placement, and HTML or CSS tricks, can also be used.
How big is the danger?
If the user uses Gemini's "summarise email" feature to read the email, then this AI chatbot reads the hidden text and prepares a summary of the email accordingly. The researcher says that if this hidden message is inside an admin tag, then Gemini gives it more priority and follows it quickly.
Even more scary?
The researcher showed a screenshot in which Gemini included that hidden message in its summary. Now that a suspicious or phishing message appears to the user not as a stranger's mail but as a suggestion from Gemini, which increases the chances of getting cheated manifold.
Disclaimer: This content has been sourced and edited from Amar Ujala. While we have made modifications for clarity and presentation, the original content belongs to its respective authors and website. We do not claim ownership of the content.
