Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Flaw in Gemini API Exposes AI Voice Sessions to Risks

Flaw in Gemini API Exposes AI Voice Sessions to Risks

Posted on July 6, 2026 By CWS

A recent security vulnerability within Google’s Gemini Live API presents a significant risk by allowing threat actors to hijack AI voice sessions, leading to unauthorized code execution. This issue arises from a misconfiguration of ephemeral tokens, stemming from Google’s own reference implementation.

Understanding the Gemini API Functionality

Security expert Alvin Ferdiansyah discovered that the Gemini Live API facilitates real-time voice interactions through continuous WebSocket connections. The API has two main endpoints: BidiGenerateContent, which uses a raw API key for server communications, and BidiGenerateContentConstrained, tailored for browser clients with short-lived tokens to keep the API key secure from the client.

Each session begins with a client-supplied setup frame, which details the model, system instructions, and available tools like code execution and web searching. Importantly, all fields in this setup are optional, meaning that anything not restricted by the backend defaults to client control.

Token Misconfiguration Risks

Ephemeral tokens are created through a backend process that can secure the model and system prompt using the live_connect_constraints field. However, Google’s documentation indicates that the server will accept any client-specified setup frame unless this field is used to enforce constraints, leading to a disconnect between authentication and authorization.

This issue is exacerbated by Google’s reference code, which omits the live_connect_constraints setup in its token creation script. Consequently, developers using this code inherit the vulnerability, making their implementations susceptible to exploitation.

Real-World Implications and Mitigation

In practical tests, Ferdiansyah intercepted token responses to an AI voice assistant and found them to be unconstrained, despite using the “Constrained” endpoint. The process of obtaining a valid token was simple, requiring only an email and OTP, which allowed him to send a custom setup frame and execute code within Google’s gVisor sandbox.

While the gVisor sandbox limits certain actions, such as outbound network access, the unrestricted use of API resources poses a significant risk of resource abuse. The solution involves adding a specific field to the token-minting process to lock session parameters, effectively closing this vulnerability.

Organizations using ephemeral tokens for Gemini Live API integrations should ensure the implementation of this fix to prevent exposure to similar security flaws.

Cyber Security News Tags:AI voice sessions, AI vulnerabilities, Cybersecurity, ephemeral tokens, Gemini API, Google, security flaw, technology news, token misconfiguration, WebSocket

Post navigation

Previous Post: Veil#Drop: New Malware Threat via Blogspot Platforms
Next Post: Iranian Hackers Deploy Cavern C2 Framework on Israel

Related Posts

Chinese Cyber Group Targets US Medical Research via REDCap Chinese Cyber Group Targets US Medical Research via REDCap Cyber Security News
NCSC Warns of Hacktivist Groups Attacking UK Organisations and Online Services NCSC Warns of Hacktivist Groups Attacking UK Organisations and Online Services Cyber Security News
Eurofiber Data Breach – Hackers Exploited Vulnerability to Exfiltrate Users’ Data Eurofiber Data Breach – Hackers Exploited Vulnerability to Exfiltrate Users’ Data Cyber Security News
Threat Actor Exploited Multiple FortiWeb Appliances to Deploy Sliver C2 for Persistent Access Threat Actor Exploited Multiple FortiWeb Appliances to Deploy Sliver C2 for Persistent Access Cyber Security News
New PerfektBlue Attack Exposes Millions of Cars to Remote Hacking New PerfektBlue Attack Exposes Millions of Cars to Remote Hacking Cyber Security News
Top VPNs for Chrome in 2026: Secure Your Browsing Top VPNs for Chrome in 2026: Secure Your Browsing Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Ubiquiti Exposes 25 Critical UniFi Security Flaws
  • Phishing Campaign Exploits AnyDesk for Espionage
  • GitLost Flaw Exposes GitHub Repos via AI Workflow
  • VECT and TeamPCP: Unveiling the Ransomware Supply Chain Strategy
  • Global Expansion of Gentlemen Ransomware Threats

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Ubiquiti Exposes 25 Critical UniFi Security Flaws
  • Phishing Campaign Exploits AnyDesk for Espionage
  • GitLost Flaw Exposes GitHub Repos via AI Workflow
  • VECT and TeamPCP: Unveiling the Ransomware Supply Chain Strategy
  • Global Expansion of Gentlemen Ransomware Threats

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark