Researchers at the University of California, Irvine have discovered a potential security vulnerability, demonstrating that high-resolution optical computer mice can detect and translate desk vibrations into understandable speech, creating an unexpected acoustic privacy risk.
The project, named Mic-E-Mouse, reveals how a standard computer peripheral can be repurposed into an unintended listening device. High-performance optical mice, especially those with resolutions of 20,000 dpi and rapid polling rates, are sensitive enough to capture microscopic surface vibrations. While these features are designed to enhance precision for gaming or graphic design, the research team found they could be used for a more invasive purpose.
How the vulnerability works
When a mouse is on a desk while someone is speaking, the vibrations from their voice travel through the desk surface and are picked up by the mouse’s optical sensor. A computer running software with access to the raw sensor data can then collect and analyze these tiny movements.
The process involves several technical steps:
- Extracting the raw motion data packets from the mouse.
- Isolating the specific vibrations related to human speech.
- Applying advanced digital signal processing techniques to clean up the signal.
The researchers used a Wiener filter to remove background noise and then employed a neural network model to reconstruct the acoustic waveform with greater clarity. In their tests, this method achieved speech recognition accuracy between 42% and 61%, making significant portions of conversations intelligible.
The potential for exploitation
A critical aspect of this vulnerability is that it does not require complex malware to be installed on a system. Any legitimate application that requests high-frequency mouse data, if compromised, could potentially be used to exploit this weakness. Once the acoustic data is captured, it can be transmitted to an external location, allowing for the covert interception of sensitive conversations without being detected.