Modern computer accessories are constantly improving, offering higher precision, lower latency, and better user experiences. But what if those very advances—the high-fidelity sensors designed to improve your gaming or graphic design experience—were secretly turning your desktop peripheral into an intelligence-gathering tool?

A new side-channel attack, known as Mic-E-Mouse (MICrophone-Emulating-MOUSE), reveals a previously overlooked vulnerability: your optical computer mouse can be exploited to eavesdrop on confidential conversations.

The Unseen Threat: Invisible Ears at Your Fingertips

High-performance optical mouse sensors, commonly found in commercial devices costing less than $50, are crucial for improved user input. However, these advanced sensors possess a hidden weakness: they are so precise that they can detect minute vibrations caused by sound waves traveling across your desk surface.

In a scenario where a confidential conversation is happening near a computer, the speech creates subtle vibrations on the desktop. The mouse’s optical sensor detects these vibrations, and user-space software can collect this raw mouse data without needing elevated system-level permissions. An attacker can then process this data remotely, transforming seemingly innocuous movement logs into comprehensive audio.

This threat is particularly relevant today due to the rise in work-from-home policies, which makes it harder for institutions to control the physical security of their workforce's operating environments.

How a Mouse Becomes a Microphone

At its core, the Mic-E-Mouse attack works by making the mouse mimic the function of a microphone.

The Microphone Analogy

A traditional microphone converts sound waves into electrical signals by having a diaphragm vibrate in response to air pressure changes. Similarly, when sound hits your desk, the resulting surface vibrations cause tiny, minute movements of the mouse relative to the surface.

Optical mice work by illuminating the surface and capturing thousands of images per second via a built-in sensor (like a tiny camera). They interpret the changes between these successive images as movement. When speech causes vibrations, the sensor misinterprets this movement, creating a signal that contains the audio information.

Detecting Subtle Vibrations

The mouse sensor is designed to capture displacement information. Vibrations occur in two forms on a surface:

1. Longitudinal Vibrations: Moving parallel to the surface, causing traditional X/Y cursor movement.

2. Transverse Vibrations: Moving perpendicular to the surface. These subtle signals contain the necessary frequency range for sound reconstruction but are usually ignored during normal operation.

For the Mic-E-Mouse attack to be effective, the sensor must be sensitive enough to capture these subtle transverse vibrations. This is why high-DPI (Dots Per Inch) mice (10,000+ DPI) are particularly vulnerable, as they have the resolution required to detect minute displacements. High polling rates (up to 8 KHz) are also a key specification found in vulnerable mice like the Razer Viper 8KHz and Darmoshark M3.

The Mic-E-Mouse Attack Pipeline: From Noise to Intelligible Speech

The raw vibration signals collected by the mouse sensor are initially of very poor quality due to significant quantization, high noise levels, and non-uniform sampling. To overcome these issues, the Mic-E-Mouse pipeline employs a sophisticated, multi-stage process combining classical signal processing with machine learning.

Step 1: Data Collection

An attacker can access the mouse’s movement data logs via various methods:

• User-Space Applications: Software such as graphical frameworks (Qt, GTK, SDL) or game engines (Unity, PyGame, Unreal) provide real-time access to mouse data from unprivileged applications.

• Compromised Applications: Images/video editing applications or open-source games (like the proof-of-concept OpenBlok) that naturally gather high-frequency mouse data or telemetry can be exploited.

• Data Format: The collected data is a sequence of packets containing a timestamp and the directional movement ($\Delta X, \Delta Y$). Crucially, the mouse doesn't report movement if it's completely idle, leading to non-uniform sampling.

• 
  

Step 2: Preprocessing and Filtering

The collected data, which looks like noisy, non-uniform movement patterns, must be cleaned up to resemble an audio waveform.

1. Resampling Corrections: Because the sensor doesn't report periodically when idle, the data is non-uniform. A sinc-based resampling technique is used to accurately interpolate and reconstruct the fragmented signal.

2. Wiener Filtering: Environmental and sensor noise is a major problem. A custom-tuned Wiener Filter is applied to the waveform to efficiently increase the Signal-to-Noise Ratio (SNR).

Step 3: ML-based Signal Enhancement

The final stage uses sophisticated Machine Learning (ML) to refine the recovered signal.

• The system uses an encoder-only spectrogram neural filtering technique (inspired by the OpenAI Whisper model) to reconstruct the original speech signal.

• The model is trained on paired noisy mouse data signals and high-quality ground-truth audio waveforms to learn how to clean and reconstruct the sound.

  
  

Efficacy of the Attack

The Mic-E-Mouse pipeline proved highly effective in controlled environments:

• Signal Quality: The process significantly improved the audio quality. The SNR saw a dramatic gain of up to +19 dB compared to the raw data.

• Speech Recognition Accuracy: When tested using the reconstructed audio, the attack achieved a speech recognition accuracy of roughly 42% to 61% across the AudioMNIST and VCTK datasets. For instance, VCTK speech recognition achieved 62.30% accuracy, while AudioMNIST digit classification reached 61.57%.

• Human Perception: When human volunteers evaluated the reconstructed audio signals, the neural model achieved a Mean Opinion Score (MOS) of 4.06 (out of 5), indicating high perceived quality.

• 
  

What Makes a Mouse Vulnerable? The Environmental and Hardware Factors

The sources demonstrate that the success of the Mic-E-Mouse attack depends heavily on both the mouse's specifications and the victim’s environment.

1. Mouse Parameters (DPI and Polling Rate)

The best results are achieved when using high-performance mouse sensors, specifically the PAW3395 and PAW3399 models produced by PixArt Imaging Inc..

• These sensors are featured in popular products like the Razer Viper 8KHz and Darmoshark M3.

• Higher DPI settings generally yield better accuracy, especially when paired with high polling rates (like 8 kHz).

• These vulnerable high-performance mice are becoming more pervasive, validating the growing threat. The overwhelming majority (91.18%) of English phonemes fall within the frequency range of an 8KHz sensor.

  
  

2. Environmental Conditions

The physical surroundings play a critical role in sound transmission:

• Audio Volume: Higher volume levels lead to significantly improved accuracy. Accuracy drops sharply at lower volumes (e.g., 50 dB resulted in only ~16% accuracy for speech classification). The attack is most effective when conversations fall within the typical range of 60–80dB.

  
  

• Surface Material: The desktop material dictates how effectively vibrations propagate. Smoother surfaces, such as plastic, yield the highest classification accuracy (61.57% for digit classification). Rougher materials, like cardboard, resulted in significantly lower accuracies (23.06%). The work surface is assumed to be typical (like wooden or laminate desks, no more than 3cm thick).

  
  

Limitations and Essential Countermeasures

While powerful, the Mic-E-Mouse attack has limitations:

• Mouse Usage: Frequent or concurrent mouse movements interfere with the sensor inputs and degrade speech reconstruction. The attack works best when the pointer is stationary or experiencing minimal motion.

• Surface Constraints: Only thin, flexible surfaces effectively transmit speech vibrations. Rigid or overly thick surfaces inhibit this side-channel.

  
  

Defenses to Protect Yourself

Fortunately, there are simple countermeasures that can mitigate this risk:

• Use a Mouse Pad: Requiring a signal-absorbing mouse pad minimizes vibration-based eavesdropping with minimal user disruption.

• Blacklist Vulnerable Devices: IT security policies can ban high-risk devices featuring high-performance optical sensors (like the PAW3395 and PAW3399).

• Approved Peripherals: Institutions should maintain a curated list of safe mice for employees, especially those working in sensitive remote or office environments.

  
  

The continuous integration of high-fidelity sensors into consumer devices, while beneficial for user experience, simultaneously expands the attack surface for vulnerabilities like Mic-E-Mouse. By responsibly disclosing this vulnerability to vendors and emphasizing the need for stronger security protocols, the goal is to drive firmware updates and sensor modifications that limit side-channel leakage while preserving performance.