Researchers from the University of California, Irvine have presented the Mic-E-Mouse attack. The specialists demonstrate that high-DPI optical sensors in modern mice can pick up minute surface vibrations, enabling highly accurate reconstruction of words spoken near the device.
The attack is based on the operation of ultra-sensitive optical sensors used in modern gaming and professional devices. These sensors, which track movement with high precision (20,000 DPI and above), are sensitive enough to detect the slightest vibrations caused by sound waves traveling through the surface of the desk.
In other words, when someone is speaking nearby, the surface of the desk vibrates slightly, and the mouse sensor picks up these microvibrations. The researchers said that this feature can be turned into a side-channel attack.
In their report, the experts describe a process that turns raw and seemingly chaotic mouse movement data into intelligible audio signals. Although the source data obtained in such an attack are noisy and incomplete, the researchers developed a multi-stage pipeline based on digital signal processing and machine learning methods that filters out noise and reconstructs speech.
Thus, the raw data undergo digital processing using a Wiener filter, and then are further cleaned with a neural model, yielding a nearly clean audio signal.
During testing of the attack, the researchers managed to improve signal quality by up to +19 dB, and speech recognition accuracy ranged from 42% to 61% on standard datasets.
Moreover, the Mic-E-Mouse attack does not require malware or deep system access. It’s enough to obtain mouse packet data, and this can be done even through ordinary applications like video games or graphics editors that require high-speed data transfer from the mouse.
The information collection process is completely unnoticeable to the user, since standard telemetry is used here, and the audio reconstruction is performed on the attacker’s side.
“By using only a vulnerable mouse and the victim’s computer running compromised—or even benign—software (in the case of a web attack), it is possible to collect mouse packet data and then extract audio signals from it,” the researchers state.