Researchers warn the public: "Cybercriminals can turn on your home's heating, make videos without you noticing, and even open your windows."

An invitation is all cybercriminals need to take control of Gemini and manipulate connected devices on a home network, in a type of attack known as 'promptware.' Promptware exploits the integration of large language models (LLMs) into applications, introducing malicious prompts that compromise the AI assistants built on those models.
The risk to users is real, as demonstrated by three researchers from Tel Aviv University (Israel), Ben Nassi, Stav Cohen, and Or Yair. In their work, they used promptware attacks targeting Google's Gemini assistant to gain access to its Workspace architecture and manipulate smart home devices or extract information from email.
The variant of promptware they used allows malicious prompts to be inserted into Gemini via emails, calendar invitations, or shared documents. For example, cybercriminals send a victim an invitation to their Gmail or Calendar account, and when the victim requests information about that email from Gemini, the malicious prompt is activated and compromises the assistant.
This opens the door to manipulating the services and devices the victim uses with Gemini, making it easier to control the thermostat, home lighting, or access email, for example.
With this, cybercriminals can turn off the light, turn on the heating, stream video without the victim's knowledge, delete calendar events, extract data from email, geolocate the victim, and even open a window.
This type of attack impacts Gemini on both the mobile and web apps, as well as the Google Assistant. According to the researchers, 73 percent of the threats they analyzed in their research pose a high-critical risk. As they report, they notified Google of this threat in February, and since then the tech company has implemented "multi-layered defenses" to mitigate the identified security issues.
eleconomista