Security Study Reveals Insights into Google’s Gemini Chatbot Code
A recent study conducted by researchers has shed light on the isolated environment for the Python code used by Google in their Gemini Chatbot. The Gemini Chatbot allows developers to generate code to describe a problem and immediately execute it, streamlining the code-checking process. The code runs in an isolated environment that only allows the execution of the Python interpreter.
One of the findings of the study was the discovery of an executable file called /usr/bin/ess/entry_point, which occupied 579 MB. Researchers extracted this file by creating a script that sequentially displayed its contents in Base64 format. They then automated the reassembly of the data and obtained a copy of the file using the caido tool.
Further analysis of the extracted file using the utility binwalk revealed the presence of a Google3 directory containing Python code components for various services such as YouTube, Google Flights, and Google Maps. These components included RPC for the interaction of the Gemini Ai-model with external Google services.
Upon studying the file contents, researchers found that the code was not confidential and had been approved for public access by Google’s Security Service. However, a deeper analysis revealed the presence of Protocol Buffer specifications, detailing internal data structures for data exchange between different Google services. The benefits of accessing these Proto files were questioned, as similar files had been extracted by other researchers from Google App Engine seven years ago.