JAKARTA Hackers have found new ways to take advantage of Google Gemini for phishing purposes. One researcher managed to find this gap and demonstrated how the gap could be used.
Google has responded, trying to convince users, while acknowledging that they have not found Gemini's evidence manipulated in the way researchers have pointed out.
The gap has been detected on Google Gemini, particularly on Google Gemini for Workspace, which allows attackers to hijack an email summary for phishing purposes.
So, what's really going on here? Google Gemini can be exploited to generate a legitimate-looking email summary, but it's not. This summary may include malicious instructions or alerts that direct users to phishing sites.
Some of you may remember that a similar attack was reported last year. Google has implemented security measures, but it seems the same technique is still working.
This vulnerability was expressed through Odin, Mozilla's bug bounce program for a generative AI tool. The researcher who revealed it was Marco Figueroa, Bug Bounty GenAI Program Manager in Mozilla.
SEE ALSO:
-
| TEKNOLOGI
Jadi Juara FFNS 2025 Fall, Kagendra Siap Berlaga di FFWS SEA 2025 Fall
14 Juli 2025, 21:05 -
| TEKNOLOGI
Perlu Diganti, Ini Aplikasi Jadul Windows yang Harus Anda Tinggalkan
14 Juli 2025, 20:35 -
| TEKNOLOGI
Teknologi AI untuk Membuat Logo, Apa Saja? Simak Pembahasannya di Sini!
14 Juli 2025, 20:05
How does it work? The attacker made an email with a hidden direction for Gemini. The attacker can hide malicious instructions at the end of the messaging text body using HTML and CSS which regulates the font size to zero and the color becomes white.
Because of these settings, the instruction will not be displayed in Gmail. Given that no attachments or links are included, it is likely that the message will reach a potential target entry box, and does not end up in a spam folder or is immediately blocked. If the person receiving the email asks Gemini to create an email summary, Google's AI tool will unravel the hidden directive and comply with it.
BleepingComputer has contacted Google for comment, and a spokesperson pointed to Google's blog post about security measures against the order injection attack. He also stated: "We continue to strengthen our already strong defenses through red-teaming exercises that train our model to survive this type of adversarial attack."
He also said that Google had not seen evidence of incidents manipulating Gemini in the way Figueroa demonstrated.
The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)
