Researchers at the University of California, Irvine have demonstrated Mic‑E‑Mouse, a novel acoustic side‑channel attack that repurposes modern high‑DPI optical mice as improvised “microphones.” By harvesting standard HID motion telemetry, the method captures tiny surface vibrations induced by human speech and reconstructs an intelligible audio signal—without accessing the system microphone.
How the Mic‑E‑Mouse acoustic side‑channel works
Contemporary gaming and professional mice commonly ship with optical sensors rated at 20,000 DPI+ and polling rates of 1,000–8,000 Hz. These sensors are engineered to register minute sub‑pixel movements, but the same sensitivity makes them responsive to micro‑vibrations that speech propagates through rigid desks. As a result, the stream of x/y displacement packets in ordinary HID telemetry encodes patterns that correlate with speech dynamics.
From jitter to speech: DSP and machine learning pipeline
Raw pointer data is noisy and non‑stationary. The UCI team showed that a staged processing pipeline can convert it into usable audio. First, a Wiener filter attenuates noise and restores spectral characteristics aligned with human speech. The output is then refined with a neural denoiser tuned to the speech band, yielding a cleaner waveform suitable for downstream automatic speech recognition (ASR).
In controlled experiments, the approach improved signal‑to‑noise ratio by ≈+19 dB, and delivered 42–61% ASR accuracy on standard benchmarks—evidence that the attack is practical under favorable conditions, particularly on hard desktops with limited ambient noise and a nearby speaker.
Threat model: HID telemetry instead of microphone access
A defining risk is that attackers do not need microphone permissions or privileged malware. Access to high‑rate raw HID events may be legitimately granted to common software classes—video games, creative tools, or mouse configuration utilities—via APIs such as Raw Input (Windows), evdev/libinput (Linux), or IOKit (macOS). Telemetry collection is typically invisible to end users, while speech reconstruction can occur off‑host.
Bottom line: a compromised or even ostensibly benign application with raw mouse input can harvest motion packets that leak speech content.
Positioning among acoustic side‑channels
Mic‑E‑Mouse extends a decade of research into vibration‑borne eavesdropping. Prior work includes MIT’s “Visual Microphone” (2014), which extracts audio from object micro‑motions; “Gyrophone” (2014), which infers speech from smartphone gyroscopes; and “Lamphone” (2020), which analyzes hanging lightbulb vibrations. The novelty here lies in leveraging mass‑market peripherals—optical mice—and standard HID telemetry accessible to a wide application base.
Limitations and environmental factors
Effectiveness varies with surface material and stiffness, mouse feet and glide mechanics, sensor sensitivity and polling rate, ambient noise, and distance to the speaker. Hard desks, high polling rates, and close speech sources yield the strongest leakage. Even so, the reported SNR gains and ASR accuracy indicate material risk under realistic office conditions.
Security impact for enterprises and home offices
The primary concern is bypassing microphone permission models. Meeting rooms, home offices, and developer workstations that routinely authorize raw HID input present attractive targets. In risk terms, this class of leakage aligns with threats from compromised peripherals and IoT devices: low‑visibility, high‑impact, and difficult to monitor with conventional DLP controls.
Mitigation checklist for organizations and vendors
- Restrict raw HID access: Inventory and monitor applications requesting high‑rate mouse input. Gate via application control and least‑privilege policies; require explicit user prompts and logging.
- Reduce channel sensitivity: Lower mouse polling rate and DPI in sensitive zones; prefer vibration‑damping mouse pads; decouple the mouse body from rigid surfaces; manage cable slack to minimize mechanical coupling.
- Driver/firmware filtering: Vendors should consider filtering high‑frequency components unrelated to intentional pointer motion and suppress acoustically induced micro‑vibrations without harming UX.
- Segmentation and privacy modes: Enforce hardened profiles on conference and executive systems; block or sandbox software classes that request raw input during meetings.
- Detection and assurance: Alert on anomalously high polling or continuous raw‑input capture; incorporate side‑channel resilience into red‑team scenarios and procurement requirements.
Mic‑E‑Mouse underscores that everyday peripherals can become unintended sensors. Organizations should reassess trust in HID telemetry, tighten raw input permissions, and engage device vendors on firmware‑level damping and filtering. Proactive testing and policy updates will reduce exposure to this emerging acoustic side‑channel while improving overall resilience against data exfiltration techniques.
