Warning to all Gmail users over new type of attack
These emails are crafted to appear urgent and sometimes from a business. By setting the font size to zero and the text color to white, attackers can insert prompts invisible to users but actionable by Gemini. Marco Figueroa, GenAI bounty manager, demonstrated how such a malicious prompt could falsely alert users that their email account has been compromised, urging them to call a fake 'Google support' phone number provided in to resolve the issue.
To counter these prompt injection attacks, experts recommend that companies configure email clients to detect and neutralize hidden content in message bodies. Additionally, implementing post-processing filters to scan inboxes for suspicious elements like 'urgent messages,' URLs, or phone numbers could bolster defenses against such threats. The trick was uncovered after research, led by Mozilla's 0Din security team, showed proof of one of the attacks last week.
The report demonstrated how Gemini could be fooled into displaying a fake security alert, one that claimed the user's password had been compromised. It looked real but was entirely built by hackers to steal information. The trick works by embedding the prompt in white text that blends into the email background.
So when someone clicks 'summarize this email,' Gemini processes the hidden message, not just the visible text. This type of manipulation, called 'indirect prompt injection,' takes advantage of AI's inability to tell the difference between a user's question and a hacker's hidden message. According to IBM, AI cannot tell the difference, as they both look like text, so AI follows whichever comes first, even if it is malicious.
Security firms like Hidden Layer have shown how an attacker could craft a completely normal-looking message but fill it with hidden codes and URLs, tools designed to fool AI. In one of the cases, hackers sent an email that looked like a calendar invite. But inside the email, hidden commands told Gemini to warn the user about a fake password breach, tricking them into clicking a malicious link.
Google admitted this kind of attack has been a problem since 2024 and said it added new safety tools to stop it, but the trick appears to still be working. In one case, a major security flaw reported to Google showed how attackers could hide fake instructions inside emails that trick Gemini into doing things users never asked for. Instead of fixing the issue, Google marked the report as 'won't fix,' meaning they believe Gemini is working the way it is supposed to.
That decision shocked some security experts, because it basically means Google sees this behavior, not recognizing hidden instructions, as expected, not broken. This means that the door is still open for hackers to sneak in commands that the AI might follow without question. Experts are concerned as if the AI cannot tell the difference between a real message and a hidden attack, and Google would not fix the behavior, then the risk remains active. AI is getting more popular for quick decisions and email summarizer.
It is not just Gmail as the risk spreads as AI is incorporated into Google Docs, Calendar, and outside apps. Cybersecurity experts say some of these attacks are even being created and carried out by other AI systems, not just human hackers. Google has reminded users that it does not issue security alerts through Gemini summaries. So if a summary tells you your password is at risk or gives you a link to click, treat it as suspicious and delete the email.
In a recent blog, Google said that Gemini now ask for confirmation before doing anything risky, like sending an email or deleting something. That extra step gives users a chance to stop the action, even if the AI was tricked. Google also displays a yellow banner if it detects and blocks an attack. If the system finds a suspicious link in a summary, it removes it and replaces it with a safety alert. But some problems still have not been solved.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Daily Record
5 hours ago
- Daily Record
Google Pixel fans rush to snap up £13 a month Pixel 9a deal from Sky
This budget Pixel device is ideal for those who don't want to break the bank on a new phone Google's latest Pixel phone is on the horizon, with a new Made by Google event scheduled for next month. However, we've spotted a fantastic deal on a Pixel phone that's worth taking note of. The Google Pixel 9a is the budget-friendly Pixel device to consider, particularly for mobile enthusiasts who don't want to break the bank on a new handset. Sky is currently offering the device for £13 per month with no upfront cost. This represents a significant price reduction on the device over a 36-month contract, meaning customers will pay a total of £468. This doesn't include the data plan, so Pixel fans should factor that into the overall cost. The Pixel 9a boasts an impressive 6.3-inch OLED display identical to the Pixel 9, down to the same 1080p resolution, 120Hz refresh rate for smooth scrolling and decent brightness. It also features the same Tensor G4 chipset as the other Pixel 9 phones, and performance is only slightly lower due to the 8GB RAM on the 9a compared to 12GB, making this a top-notch budget phone. Elsewhere, Carphone Warehouse has deals on the Apple iPhone 15, with prices from £29.99 per month. For shoppers looking for some other phone alternatives, the newest Galaxy Z Fold7 is out and it's perfect for those who want to splash out. is offering some enticing pre-order deals for the gadget, and with the upgrades it boasts, it might just be worth the investment. Prices kick off at £44.99 a month, with double the storage included. Tech experts at our sister paper the Daily Express put the budget Pixel 9a through its paces and was thoroughly impressed with the device. In his review, he wrote: " The Pixel 9a is good enough to recommend [...] to the point that its simplicity is its biggest asset. It has a sensible design, great battery life, nice screen and flagship-quality camera and seven years of support all for £499. "Not many phones out there can match it for that price, though its main competitor is the Nothing Phone 3a, a phone with an outlandish design and inferior screen to the Pixel, but triple cameras and great software for £329." Nevertheless, he did highlight concerns about the handset's rear appearance. He added: "The one thing I don't love is the new look for the back of the phone, but the changes make sense. It makes a nice change from most other phones that wobble when placed down because of their camera housing, but the design looks like a prototype and a little unfinished."
Daily Mail
5 hours ago
- Daily Mail
Women-only app to discuss the men they date suffers massive data breach
Tea, an app designed to let women safely discuss men they date has been breached, with thousands of selfies and photo IDs of users exposed, the company confirmed. Tea said that about 72,000 images were leaked online, including 13,000 images of selfies or selfies featuring a photo identification that users submitted during account verification. Another 59,000 images publicly viewable in the app from posts, comments and direct messages were also accessed without authorization, according to a Tea spokesperson on Friday. No email addresses or phone numbers were accessed, the company said, and the breach only affects users who signed up before February 2024. 'Tea has engaged third-party cybersecurity experts and are working around the clock to secure its systems,' the company said. 'At this time, there is no evidence to suggest that additional user data was affected. Protecting tea users´ privacy and data is their highest priority.' Tea presents itself as a safe way for women to anonymously vet men they might connect with on dating apps such as Tinder or Bumble - ensuring that your date is 'safe, not a catfish, and not in a relationship.' 'Tea is a must-have app, helping women avoid red flags before the first date with dating advice, and showing them who´s really behind the profile of the person they´re dating,' reads Tea's app store description. 404 Media, which earlier reported the breach, said it was 4Chan users who discovered an exposed database that 'allowed anyone to access the material' from Tea. 'While reporting this story, a URL the 4chan user posted included a voluminous list of specific attachments associated with the Tea app. 404 Media saw this list of files. In the last hour or so, that page was locked down, and now returns a 'Permission denied' error,' 404 Media reported Friday.
Reuters
15 hours ago
- Reuters
Microsoft probing if Chinese hackers learned SharePoint flaws through alert, Bloomberg News reports
July 25 (Reuters) - Microsoft (MSFT.O), opens new tab is investigating whether a leak from its early alert system for cybersecurity companies allowed Chinese hackers to exploit flaws in its SharePoint service before they were patched, Bloomberg News reported on Friday. A security patch Microsoft released this month failed to fully fix a critical flaw in the U.S. tech giant's SharePoint server software, opening the door to a sweeping global cyber espionage effort. In a blog post on Tuesday, Microsoft said two allegedly Chinese hacking groups, dubbed "Linen Typhoon" and "Violet Typhoon," were exploiting the weaknesses, along with a third, also based in China. The tech giant is probing if the program led to the widespread exploitation of vulnerabilities in its SharePoint software globally over the past several days, the report said. Microsoft did not immediately respond to a Reuters request for comment on the report.
