A shocking cybersecurity discovery has revealed that hackers can take control of smart home devices by tricking Google’s AI assistant, Gemini. This is done using a technique called “prompt injection,” where harmful instructions are hidden inside Google Calendar invites.
When Gemini reads those invites aloud, the hidden commands can silently trigger actions—like opening windows or turning off the lights—without the user even realizing it.
This vulnerability was recently made public at the Black Hat cybersecurity conference, one of the biggest events where experts reveal major digital threats. However, the researchers had already warned Google about this issue in February.
Google has since confirmed the problem and says it is working hard to protect users. Even though the company insists such attacks are rare, the fact that they’re possible at all is raising concern.
How Hackers Are Taking Over Smart Homes
This attack doesn’t require clicking links or downloading harmful files. Instead, the hacker sends a regular Google Calendar invite that contains a secret message. This message is not visible in the usual way. When a user asks Gemini to summarize upcoming calendar events, the AI reads everything—visible or not.
Things get worse when the user responds naturally to Gemini. Even something as simple as saying “Thanks” can be enough to trigger the hidden command. Gemini then passes that instruction along to Google’s smart home system, which might cause it to perform unexpected actions like unlocking doors, turning off cameras, or opening windows.
Critical Vulnerabilities: The Dark Side of Pacemaker Technology
Because Gemini is deeply connected to Google Home, which controls smart devices like lights, thermostats, and locks, this type of breach could have real-world consequences. A simple calendar event could lead to someone unknowingly giving hackers control over their own home.
This method of attack is especially dangerous because it feels completely normal. People use calendar apps, talk to AI assistants, and manage smart devices every day without thinking twice. But this discovery shows that even trusted tools can be used in unexpected and harmful ways.
What This Means for Everyday Users
Many homes now rely on smart technology to control daily routines. Lights turn on with voice commands. Doors lock and unlock using apps. Thermostats adjust based on who is home. All of this is often managed by systems like Google Home, connected through assistants like Gemini.
The fact that a hidden calendar message could lead to these systems being controlled by someone else is deeply concerning. Even though Google has stated that such hacks are extremely rare, the company has acted quickly to boost its security tools and make Gemini more resistant to this kind of manipulation.
Cyberattack Catastrophe: How Hackers Can Endanger Human Lives ?
This issue also highlights how powerful AI tools can be vulnerable to creative misuse. Hackers no longer need to rely on obvious scams or viruses. Instead, they can hide harmful messages in everyday features that seem safe, like calendar invites or voice assistants.
Google is working behind the scenes to fix this, but users should still be cautious. Be careful with unexpected calendar invites, especially if they come from unknown contacts. Review app settings regularly to see what permissions AI assistants have. It’s also a good idea to limit how much control these assistants have over devices inside your home, just in case.
