Invitation Is All You Need! Invoking Gemini for Workspace Agents with a Google Calendar Invite
DAY 2
13:20-
14:00
Over the past two years, a new class of attacks known as Promptware has emerged, exploiting LLMs at inference time via crafted prompts. Though often dismissed as impractical or exotic, this talk will shatter that misconception forever. We introduce Targeted Promptware Attacks, where an attacker invites a victim to a Google Calendar meeting containing an indirect prompt injection. This hijacks Gemini’s integrated agents, on web, mobile, and Google Assistant-which operate with OS-level Android permissions. We demonstrate 15 real-world exploits, including spamming, phishing, data exfiltration, calendar deletion, device control (e.g., boiler, lights, windows), video streaming a victim via Zoom, and geolocating the victim. These attacks show Promptware’s ability to move laterally across agents and devices, leading to physical-world consequences. Using our threat assessment framework, we find that 73% of identified risks are high-critical, calling for immediate mitigations.
-
Location :
-
Track 1(HALL B)
-
-
Category :
-
General
-
-
Share :
Speakers
-
Or Yair
オル・ヤイル
Or Yair (@oryair1999) is a security research professional with seven years of experience, currently serving as the Security Research Team Lead at SafeBreach. His primary focus lies in vulnerabilities in the Windows operating system’s components, though his past work also included research of Linux kernel components and some Android components. Or's research is driven by innovation and a commitment to challenging conventional thinking. He enjoys contradicting assumptions and considers creativity as a key skill for research. Or frequently presents his vulnerability and security research discoveries internationally at top conferences he speaks at such as Black Hat, DEF CON, RSAC, SecTor, and many more.
-
Ben Nassi
ベン・ナッシ
Dr. Ben Nassi https://www.linkedin.com/in/ben-nassi-phd-68a743115/) is a Black Hat board member (Asia and Europe), a cybersecurity expert, and a consultant. Ben specializes in AI security, side channel attacks, cyber-physical systems, and threat analysis and risk assessment. His work has been presented at top academic conferences, published in journals and Magazines, and covered by international media. Ben is a frequent speaker at Black Hat (6), RSAC (2), and DEFCON (3) events and won the 2023 Pwnie Award for the Best Crypto Attack for Video-based Cryptanalysis.
-
Stav Cohen
スタヴ・コーエン
Stav Cohen's research focuses on Cyber-Physical Systems (CPS) that integrate Generative AI (GenAI) and Human-in-the-loop interactions, with emphasis on security and operational resilience. He conducts in-depth analysis of GenAI model architectures to identify vulnerabilities, develop attack strategies, and engineer defense mechanisms, contributing to a more secure GenAI ecosystem. In parallel, he explores how GenAI can be leveraged to enhance the security and performance of CPS, particularly in systems involving real-time human interaction. His work bridges AI, control systems, and cybersecurity to advance adaptive, intelligent, and robust CPS architectures.