
Google API Keys Expose Gemini AI Data in New Security Flaw

Originally published on: March 1, 2026
Summary

– Google API keys embedded in public website code became a security risk once the Gemini API began accepting them for authentication, exposing data and billing on the projects they belong to.
– Researchers found over 2,800 exposed Google API keys from various organizations, including major financial and security firms, by scanning a public web dataset.
– Attackers could steal these keys to make unauthorized, costly Gemini API calls, generating thousands of dollars in charges on a victim’s account.
– Google has implemented measures to block leaked API keys from accessing Gemini and will notify developers of detected leaks.
– Developers are advised to audit and rotate any exposed API keys and can use tools like TruffleHog to detect such leaks in their code.

Security researchers have identified a new way to abuse Google API keys that are routinely embedded in website code for services like Maps: the same keys can now be used to make unauthorized calls to the Gemini API, and through it to reach data and billing on the Google Cloud project that owns the key. Keys previously considered low-risk gained this additional reach with the launch of Gemini, turning long-standing exposures into live security incidents.

The issue stems from a shift in what these keys can do. For years, developers have openly used Google Cloud API keys in client-side code to enable features such as embedded YouTube videos, interactive maps, or analytics tracking. Because these keys were in practice only useful against specific, non-sensitive services, their public exposure was not treated as a major concern. A Google Cloud API key is a project credential, however: unless it is explicitly restricted to named APIs, it can call any API that is enabled on its project. When Google made the Gemini API callable with ordinary Cloud API keys, a project that enabled Gemini (for example through AI Studio) silently extended the reach of every unrestricted key it already had, including the ones sitting in public JavaScript. This change effectively transformed thousands of publicly visible keys into potential gateways to a paid AI service.

Researchers at TruffleSecurity scanned popular websites via a public web dataset and found more than 2,800 live Google API keys exposed in public JavaScript code. These keys belonged to organizations across various sectors, including major financial institutions, security firms, and even Google’s own public-facing product pages. In one instance, a key had been sitting openly in a webpage’s source code since early 2023. The security team demonstrated the risk by using a discovered key to query the Gemini API and list the models available to it.

The implications are significant. An attacker who copies an exposed API key can make Gemini API calls that run under the victim’s project, which means both using the service at the victim’s expense and reaching whatever that project has made available to the Gemini API. Since Gemini API usage is metered, a threat actor can also run up substantial fraudulent charges on the victim’s account. Researchers estimate that maxing out API calls with certain models could cost thousands of dollars per day per compromised key.

Google was notified of the problem in late November. After an extended review, the company classified the issue in January as a “single-service privilege escalation.” In response, Google stated it has implemented proactive measures to detect and block leaked API keys from accessing the Gemini API. The company also noted that new AI Studio keys will now default to a Gemini-only scope, and developers will receive notifications if a leak is detected.

For developers, immediate action is required. They should audit all Google Cloud projects to verify whether the Gemini API is enabled, and scrutinize every API key in those projects for public exposure. Any key found to be exposed should be rotated immediately to revoke access. Rotation alone is not enough, though: a key that has to live in client-side code can never be kept secret, so the replacement should carry API restrictions that limit it to the one service the page actually needs (Maps, YouTube, and so on) and application restrictions such as HTTP referrers, so that the key stays useless against Gemini even if it is copied. Security teams can also use open-source tools like TruffleHog to scan code and repositories for live, exposed credentials, and should treat Google’s own leak detection as a backstop rather than a fix. This incident underscores the need to treat all API keys as sensitive secrets, especially as the set of services a key can reach changes over time.
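The audit described above, as an added example that is not part of the original article and not TruffleSecurity’s code: a small Python script that finds Google Cloud API keys in client-side source, reports them in redacted form, and (optionally, when run live) checks whether each key can list models on the Gemini API, which is the same probe the researchers used. The sample JavaScript and the two keys in it are constructed placeholders of the right shape, not real credentials; the response-to-verdict mapping relies on the `reason` strings Google returns in API error details (`API_KEY_INVALID`, `API_KEY_SERVICE_BLOCKED`, `SERVICE_DISABLED`) and should be treated as best-effort triage rather than a specification.

```python
"""Find Google Cloud API keys in client-side source and triage each one against the Gemini API."""
import json
import re
import urllib.error
import urllib.request

# Google Cloud API keys are "AIza" followed by 35 URL-safe characters (39 in total);
# this is the same shape that TruffleHog-style scanners look for.
GOOGLE_API_KEY_RE = re.compile(r"\bAIza[0-9A-Za-z_-]{35}\b")

# Gemini API model listing; a key that can call this is the condition the researchers demonstrated.
GEMINI_MODELS_URL = "https://generativelanguage.googleapis.com/v1beta/models"

# Constructed sample of the kind of JavaScript a scan runs over. Both keys are fake placeholders.
SAMPLE_JS = """\
const mapsLoader = document.createElement("script");
mapsLoader.src = "https://maps.googleapis.com/maps/api/js?key=AIzaSy0123456789abcdefghijklmnopqrstuvw&callback=init";
window.ANALYTICS_CFG = { apiKey: "AIzaSyEXAMPLEEXAMPLEEXAMPLEEXAMPLEEXAMP", region: "eu" };
// a second reference to the same analytics key
fetch("https://www.googleapis.com/youtube/v3/search?key=AIzaSyEXAMPLEEXAMPLEEXAMPLEEXAMPLEEXAMP");
const notAKey = "AIzaShort";  // wrong length, must not match
"""


def find_google_api_keys(text):
    """Return the distinct keys in `text`, mapped to the first line number each appeared on."""
    found = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        for match in GOOGLE_API_KEY_RE.finditer(line):
            found.setdefault(match.group(0), lineno)
    return found


def redact(key):
    """Enough of the key to match it in the Cloud console without reprinting the whole secret."""
    return key[:8] + "..." + key[-4:]


def classify_models_response(status, body):
    """Map an HTTP status and JSON body from GET /v1beta/models to a triage verdict.

    Assumption: the `reason` values below are the ErrorInfo reasons Google attaches to
    API-key and service-enablement errors. Anything else is reported, not guessed at.
    """
    if status == 200:
        try:
            data = json.loads(body)
        except ValueError:
            return "unexpected"
        return "gemini-reachable" if isinstance(data, dict) and "models" in data else "unexpected"
    reasons = set()
    try:
        for detail in json.loads(body).get("error", {}).get("details", []):
            if isinstance(detail, dict) and "reason" in detail:
                reasons.add(detail["reason"])
    except (ValueError, AttributeError):
        pass
    if "API_KEY_INVALID" in reasons or status == 400:
        return "invalid-key"                    # dead key: nothing to rotate, still remove it
    if "API_KEY_SERVICE_BLOCKED" in reasons:
        return "blocked-by-key-restriction"     # API restrictions on the key are doing their job
    if "SERVICE_DISABLED" in reasons:
        return "gemini-not-enabled"             # safe today; enabling Gemini on the project changes that
    if status == 403:
        return "denied-other"                   # e.g. Google's leak blocking; verify in the console
    return "unexpected"


def probe_gemini(key, timeout=10):
    """Live check. The key goes in the x-goog-api-key header, not the query string, to keep it out of URL logs."""
    request = urllib.request.Request(GEMINI_MODELS_URL, headers={"x-goog-api-key": key})
    try:
        with urllib.request.urlopen(request, timeout=timeout) as response:
            return classify_models_response(response.status, response.read().decode())
    except urllib.error.HTTPError as error:
        return classify_models_response(error.code, error.read().decode())


def triage(js_text, live=False):
    """Scan `js_text` for keys; with live=True, probe each one against the Gemini API."""
    results = {}
    for key, lineno in find_google_api_keys(js_text).items():
        verdict = probe_gemini(key) if live else "not-probed"
        results[key] = {"line": lineno, "verdict": verdict}
    return results


if __name__ == "__main__":
    # Offline run over the constructed sample; pass live=True to probe real findings.
    for key, info in triage(SAMPLE_JS).items():
        print(f"{redact(key)}  line {info['line']}  {info['verdict']}")
```

A key that comes back as `gemini-reachable` is the case the article describes and needs rotation plus restriction; `blocked-by-key-restriction` is what a properly restricted client-side key should return, and `gemini-not-enabled` is only safe until someone in the project turns Gemini on.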

In related news, a separate mobile security report noted that scans of hundreds of thousands of apps uncovered tens of thousands of exposed Google API keys, highlighting that this is a widespread issue extending beyond traditional websites.

(Source: Bleeping Computer)
