Google Gemini Live API Flaw Allows RCE via Unconstrained Ephemeral Tokens
ID: 1290cef5-f094-5083-9b1f-4a6d595bde2f
STIX ID: report--1290cef5-f094-5083-9b1f-4a6d595bde2f
Feed Name: GBHackers
A misconfiguration in Google Gemini Live API ephemeral tokens — specifically omission of live_connect_constraints when issuing browser-facing tokens — allows attackers to supply malicious WebSocket setup frames that enable arbitrary Python execution (RCE) within AI voice sessions. A researcher demonstrated a proof-of-concept that executed system calls in Google’s gVisor sandbox; while gVisor limits network persistence and lateral movement, unconstrained tokens can still permit session hijacking, arbitrary code execution, and resource abuse. The recommended mitigation is to enforce locked live_connect_constraints (model, system_instruction, and empty tools) at token generation to prevent client-side overrides.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
