How your mouse could eavesdrop on you and rat you out

(2025/10/07)


The mouse sitting next to you can be turned into a microphone thanks to some cunning use of its sensors to pick up vibrations from your voice in an attack dubbed Mic-E-Mouse.

Researchers at UC Irvine [1] have found that optical mice equipped with 20,000 DPI sensors and decent latency can be used as a basic microphone with software designed to figure out speech patterns based on the vibration of the user's voice. The team used a $35 mouse to test the system and found it could capture speech with 61 percent accuracy, depending on voice frequency.

"The main two parameters we look at in the mouse are the sampling rate and the DPI," Mohamad Fakih told The Register. "And it's capable of picking up more than just speech. If there's anyone in the room and their steps are causing vibrations, you can track their movement."


For the attack to work, a miscreant must first infect the computer – but they don't need especially advanced malware. Security software usually protects mouse data less rigorously than it does core system functions. This allows attackers to exfiltrate it relatively easily, and all it takes is one malicious app – possibly disguised as open source software – that uses mouse data.


Once they collect the data, researchers run it through a Wiener filter to remove noise and then feed it into a transformer-based neural network to identify actual words. Numbers are particularly easy to detect, which will be worrying for those reading out their credit card details to a vendor, for example. You can see it in action below.

[7]YouTube Video


There are some limitations. To record optimally, users must place the mouse on a flat, clear surface. A mouse mat or desk cover reduces the mouse's ability to collect voice data, and noisy offices or nearby machinery can also make snooping much harder.

But it's a novel attack and one that the team is trying to fix. Under responsible disclosure rules, the researchers informed 26 vulnerable mouse manufacturers, which are now developing a workaround to safeguard sensor data.


Fakih said the mouse might even be able to detect keystrokes. Because each key sounds different, researchers could potentially identify what someone is typing based on vibrations the nearby mouse detects, even while someone is using it.

"If the hand movements don't completely overpower the mouse vibrations, you can run a low-pass filter," he said. "Of course, there is some signal degradation there but you can still probably recover some data."

The UC Irvine team has spent more than a decade developing smart side-channel attacks, and this mouse research took over two and a half years to reach its current sophistication. The team is now exploring whether sensors on commercially available drones can serve the same purpose. ®




[1] https://arxiv.org/html/2509.13581v1#S10



[7] https://www.youtube.com/watch?v=CY7Z37Ul8aQ




zeos

The biggest flaw in this attack is that you have to have someone to talk to for it to work.

John Robson

Unless it's reading keystrokes...

zeos

Nooooooooooooooooo! This can't be happening. My clicky keyboard would never betray me.

The Oncoming Scorn

Reading keystrokes is mentioned in the article. I also recall an episode of Spooks (MI:5) doing something similar by getting a target to retype a CV or Resume with a "calibrated test phrase" so they could "read" what he was typing into documents & emails.

Icon is not being used in its usual context.

Nominative Determinism?

Anonymous Custard

The cynic in me wonders a bit whether they came up with the name first and then spent the time working out an attack vector that was a good fit for it...

It is quite clever though, in a rather niche and specific way.

Amazon can help here!!!!!

Wellyboot

Their Basic mouse is only 1000DPI

I doubt a mouse can move that far listening to voice or clicks

Is that written by Microsoft?! Apple?

Joe W

"all it takes is one malicious app – possibly disguised as open source software"

Seriously?!

Re: Is that written by Microsoft?! Apple?

b0llchit

Please, consider the "sponsors" and paid "subscriptions" to wonderful places that no commoner else could afford. You gotta get your bribe collaboration funding from somewhere, don't you?

45RPM

Presumably the mouse would have to be calibrated to a particular keyboard. So there’d have to be a known, repeated, key sequence to set up the mouse for keystroke recognition?

"each key sounds different"

Pascal Monett

Not to me, but I will acknowledge that my hearing isn't what it used to be.

That said, if each key does sound different, then each keyboard sounds different as well. Seems to be a bit difficult to have a standard library, so it means calibrating the keys to specific frequencies.

Okay, congrats on having found a new attack vector, even if it is only 60% reliable.

Still, this whole thing strikes me as a bit of intellectual masturbation. If you can get malware onto a PC via a pseudo-open-source program, you've got better things to do than listen to mouse vibrations.

Re: "each key sounds different"

Eclectic Man

come on, folks, we need to play some music to overwhelm the mouse:

https://www.youtube.com/watch?v=apBWI6xrbLY
