Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Flaw in Gemini API Exposes AI Voice Sessions to Risks

Flaw in Gemini API Exposes AI Voice Sessions to Risks

Posted on July 6, 2026 By CWS

A recent security vulnerability within Google’s Gemini Live API presents a significant risk by allowing threat actors to hijack AI voice sessions, leading to unauthorized code execution. This issue arises from a misconfiguration of ephemeral tokens, stemming from Google’s own reference implementation.

Understanding the Gemini API Functionality

Security expert Alvin Ferdiansyah discovered that the Gemini Live API facilitates real-time voice interactions through continuous WebSocket connections. The API has two main endpoints: BidiGenerateContent, which uses a raw API key for server communications, and BidiGenerateContentConstrained, tailored for browser clients with short-lived tokens to keep the API key secure from the client.

Each session begins with a client-supplied setup frame, which details the model, system instructions, and available tools like code execution and web searching. Importantly, all fields in this setup are optional, meaning that anything not restricted by the backend defaults to client control.

Token Misconfiguration Risks

Ephemeral tokens are created through a backend process that can secure the model and system prompt using the live_connect_constraints field. However, Google’s documentation indicates that the server will accept any client-specified setup frame unless this field is used to enforce constraints, leading to a disconnect between authentication and authorization.

This issue is exacerbated by Google’s reference code, which omits the live_connect_constraints setup in its token creation script. Consequently, developers using this code inherit the vulnerability, making their implementations susceptible to exploitation.

Real-World Implications and Mitigation

In practical tests, Ferdiansyah intercepted token responses to an AI voice assistant and found them to be unconstrained, despite using the “Constrained” endpoint. The process of obtaining a valid token was simple, requiring only an email and OTP, which allowed him to send a custom setup frame and execute code within Google’s gVisor sandbox.

While the gVisor sandbox limits certain actions, such as outbound network access, the unrestricted use of API resources poses a significant risk of resource abuse. The solution involves adding a specific field to the token-minting process to lock session parameters, effectively closing this vulnerability.

Organizations using ephemeral tokens for Gemini Live API integrations should ensure the implementation of this fix to prevent exposure to similar security flaws.

Cyber Security News Tags:AI voice sessions, AI vulnerabilities, Cybersecurity, ephemeral tokens, Gemini API, Google, security flaw, technology news, token misconfiguration, WebSocket

Post navigation

Previous Post: Veil#Drop: New Malware Threat via Blogspot Platforms
Next Post: Iranian Hackers Deploy Cavern C2 Framework on Israel

Related Posts

Critical Vulnerability in Python PLY Library Enables Remote Code Execution Critical Vulnerability in Python PLY Library Enables Remote Code Execution Cyber Security News
Atomic macOS Info-Stealer Upgraded With New Backdoor to Maintain Persistence Atomic macOS Info-Stealer Upgraded With New Backdoor to Maintain Persistence Cyber Security News
Earn CPE Credits with SRA’s Purple Team Exercises Earn CPE Credits with SRA’s Purple Team Exercises Cyber Security News
GitLab Security Update – Patch For Multiple Vulnerabilities That Enables DoS Attack GitLab Security Update – Patch For Multiple Vulnerabilities That Enables DoS Attack Cyber Security News
North Korean Kimsuky Hackers Leveraged GitHub to Attack Foreign Embassies with XenoRAT Malware North Korean Kimsuky Hackers Leveraged GitHub to Attack Foreign Embassies with XenoRAT Malware Cyber Security News
New Wave of Steganography Attacks: Hackers Hiding XWorm in PNGs  New Wave of Steganography Attacks: Hackers Hiding XWorm in PNGs  Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Phishing Campaign Exploits AnyDesk for Espionage
  • GitLost Flaw Exposes GitHub Repos via AI Workflow
  • VECT and TeamPCP: Unveiling the Ransomware Supply Chain Strategy
  • Global Expansion of Gentlemen Ransomware Threats
  • Critical Flaw in Google Dialogflow CX Exposed

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Phishing Campaign Exploits AnyDesk for Espionage
  • GitLost Flaw Exposes GitHub Repos via AI Workflow
  • VECT and TeamPCP: Unveiling the Ransomware Supply Chain Strategy
  • Global Expansion of Gentlemen Ransomware Threats
  • Critical Flaw in Google Dialogflow CX Exposed

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark