{"id":54659,"date":"2025-10-23T15:34:47","date_gmt":"2025-10-23T19:34:47","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=54659"},"modified":"2025-10-23T15:34:47","modified_gmt":"2025-10-23T19:34:47","slug":"mic-e-mouse-attack","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/mic-e-mouse-attack\/54659\/","title":{"rendered":"Can your mouse eavesdrop on you?"},"content":{"rendered":"

A recent publication<\/a> by researchers at the University of California, Irvine, demonstrates a fascinating fact: optical sensors in computer mice have become so sensitive that, in addition to tracking surface movements, they can pick up even minute vibrations \u2014 for instance, those generated by a nearby conversation. The theoretical attack, dubbed \u201cMic-E-Mouse\u201d, could potentially allow adversaries to listen in on discussions in \u201csecure\u201d rooms, provided the attacker can somehow intercept the data transmitted by the mouse. As is often the case with academic papers of this kind, the proposed method comes with quite a few limitations.<\/p>\n

Specifics of the Mic-E-Mouse attack<\/h2>\n

Let\u2019s be clear from the start \u2014 not just any old mouse will work for this attack. It specifically requires models with the most sensitive optical sensors. Such a sensor is essentially an extremely simplified video camera that films the surface of the desk at a resolution of 16\u00d716 or 32\u00d732 pixels. The mouse\u2019s internal circuitry compares consecutive frames to determine how far and in which direction the mouse has moved. How often these snapshots are taken determines the mouse\u2019s final resolution, expressed in dots per inch (DPI). The higher the DPI, the less the user has to move the mouse to position the cursor on the screen. There\u2019s also a second metric: the polling rate \u2014 the frequency at which the mouse data is transmitted to the computer. A sensitive sensor in a mouse that transmits data infrequently is of no use. For the Mic-E-Mouse attack to even be feasible, the mouse needs both a high resolution (10\u00a0000DPI or more) and a high polling rate (4000Hz or more).<\/p>\n

Why do these particular specifications matter? Human speech, which the researchers intended to eavesdrop on, is audible in a frequency range of approximately 100 to 6000Hz. Speech causes sound waves, which create vibrations on the surfaces of nearby objects. Capturing these vibrations requires an extremely precise sensor, and the data coming from it must be transmitted to the PC in the most complete form possible \u2014 with the data update frequency being most critical. According to the Nyquist\u2013Shannon sampling theorem<\/a>, an analog signal within a specific frequency range can be digitized if the sampling rate is at least twice the highest frequency of the signal. Consequently, a mouse transmitting data at 4000Hz can theoretically capture an audio frequency range up to a maximum of 2000Hz. But what kind of recording can a mouse capture anyway? Let\u2019s take a look.<\/p>\n

\"Results<\/a>

Results of the study on the sensitivity of a computer mouse\u2019s optical sensor for capturing audio information. Source<\/a><\/p><\/div>\n

In graph (a), the blue color shows the frequency response typical of human speech \u2014 this is the source data. Green represents what was captured using the computer mouse. The yellow represents the noise level. The green corresponds very poorly to the original audio information and is almost completely drowned in noise. The same is shown in a spectral view in graph (d). It looks as though it\u2019s impossible to recover anything at all from this information. However, let\u2019s look at graphs (b) and (c). The former shows the original test signals: tones at 200 and 400Hz, as well as a variable frequency signal from 20 to 16\u00a0000Hz. The latter shows the same signals, but captured by the computer mouse\u2019s sensor. It\u2019s clear that some information is preserved, although frequencies above 1700Hz can\u2019t be intercepted.<\/p>\n

Two different filtering methods were applied to this extremely noisy data. First, the well-known Wiener filtering<\/a> method, and second, filtering using a machine-learning system trained on clean voice data. Here\u2019s the result.<\/p>\n

\"Spectral<\/a>

Spectral analysis of the audio signal at different stages of filtering. Source<\/a><\/p><\/div>\n

Shown here from left to right are: the source signal, the raw data from the mouse sensor (with maximum noise), and the two filtering stages. The result is something very closely resembling the source material.<\/p>\n

So what kind of attack could be built based on such a recording? The researchers propose the following scenario: two people are holding a conversation in a secure room with a PC in it. The sound of their speech causes air vibrations, which are transmitted to the tabletop, and from the tabletop to the mouse connected to the PC. Malware installed on the PC intercepts the data from the mouse, and sends it to the attackers\u2019 server. There, the signal is processed and filtered to fully reconstruct the speech. Sounds rather horrifying, doesn\u2019t it? Fortunately, this scenario has many issues.<\/p>\n

Severe limitations<\/h2>\n

The key advantage of this method is the unusual attack vector. Obtaining data from the mouse requires no special privileges, meaning security solutions may not even detect the eavesdropping. However, not many applications access detailed data from a mouse, which means the attack would require either writing custom software, or hacking\/modifying specialized software that is capable of using such data.<\/p>\n

Furthermore, there are currently not many mice models with the required specifications (resolution of 10\u00a0000DPI or higher, and polling rate of 4000Hz or more). The researchers found about a dozen potential candidates and tested the attack on two models. These weren\u2019t the most expensive devices \u2014 for instance, the Razer Viper 8KHz costs around $50 \u2014 but they are gaming mice, which are unlikely to be found connected to a typical workstation. Thus, the Mic-E-Mouse attack is future-proof rather than present-proof: the researchers assume that, over time, high-resolution sensors will become standard even in the most common office models.<\/p>\n

The accuracy of the method is low as well. At best, the researchers managed to recognize only 50 to 60 percent of the source material. Finally, we need to consider that for the sake of the experiment, the researchers attempted to simplify their task as much as possible. Instead of capturing a real conversation, they were playing back human speech through computer speakers. A cardboard box with an opening was placed on top of the speakers. This opening was covered with a membrane with the mouse on top of it. This means the sound source was not only artificial, but also located mere inches from the optical sensor! The authors of the paper tried covering the hole with a thin sheet of paper or cardboard, and the recognition accuracy immediately plummeted to unacceptable levels of 10\u201330%. Reliable transmission of vibrations through a thick tabletop isn\u2019t even a consideration.<\/p>\n

Cautious optimism and security model<\/h2>\n

Credit where it\u2019s due: the researchers found yet another attack vector that exploits unexpected hardware properties \u2014 something no one had previously thought of. For a first attempt, the result is remarkable, and the potential for further research is undoubtedly there. After all, the U.S. researchers only used machine learning for signal filtering. The reconstructed audio data was then listened to by human observers. What if neural networks were also used for speech recognition?<\/p>\n

Of course, such studies have an extremely narrow practical application. For organizations whose security model must account for even such paranoid scenarios, the authors of the study propose a series of protective measures. For one, you can simply ban connecting mice with high-resolution sensors \u2014 both through organizational policies and, technically, by blocklisting specific models. You can also provide employees with mousepads that dampen vibrations. The more relevant conclusion, however, concerns protection against malware: attackers can sometimes utilize completely atypical software features to cause harm \u2014 in this case, for espionage. So it\u2019s worth identifying and analyzing even such complex cases; otherwise, it may later be impossible to even determine how a data leak occurred.<\/p>\n\n","protected":false},"excerpt":{"rendered":"

The optical sensors in computer mice can be used for eavesdropping. We break down why this is fascinating \u2014 but still a long way from real-world practicality.<\/p>\n","protected":false},"author":665,"featured_media":54662,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3051,3052],"tags":[1226,4675],"class_list":{"0":"post-54659","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-enterprise","9":"category-smb","10":"tag-hardware","11":"tag-side-channel-attacks"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/mic-e-mouse-attack\/54659\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/mic-e-mouse-attack\/29766\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/mic-e-mouse-attack\/24838\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/mic-e-mouse-attack\/29655\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/mic-e-mouse-attack\/40779\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/mic-e-mouse-attack\/35599\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/mic-e-mouse-attack\/35223\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/side-channel-attacks\/","name":"side-channel attacks"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/54659","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/665"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=54659"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/54659\/revisions"}],"predecessor-version":[{"id":54664,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/54659\/revisions\/54664"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/54662"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=54659"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=54659"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=54659"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}