A serious vulnerability has been identified in the Gemini feature integrated into Gmail, paving the way for phishing attacks. According to BleepingComputer, hackers can manipulate email summaries for their malicious purposes.
This vulnerability was discovered by Marco Figueroa, program manager for GenAI Bug Bounty at Mozilla. He notes that attackers can conceal dangerous instructions within emails by formatting them in white and reducing the font size to zero, rendering the text invisible to users but still accessible to the Gemini system. Consequently, AI may automatically add false warnings to summaries, such as password breach alerts, along with fake support numbers.
While some users might disregard such messages, others may fall victim due to emotional manipulation. Figueroa emphasizes that security teams could develop methods to detect hidden content and check AI-generated summaries for dangerous URLs, phone numbers, or urgent claims.
BleepingComputer reached out to Google regarding this vulnerability in Gemini. A company representative stated that no evidence of abuse has been observed so far, but Google is already working on enhancing security and will soon implement additional protective measures.
