
Mouse Sensors Can Pick Up Speech From Surface Vibrations, Researchers Show (tomshardware.com)

"A group of researchers from the University of California, Irvine, have developed a way to use the sensors in high-quality optical mice to capture subtle vibrations and convert them into audible data," reports Tom's Hardware: [T]he high polling rate and sensitivity of high-performance optical mice pick up acoustic vibrations from the surface where they sit. By running the raw data through signal processing and machine learning techniques, the team could hear what the user was saying through their desk. Mouse sensors with a 20,000 DPI or higher are vulnerable to this attack. And with the best gaming mice becoming more affordable annually, even relatively affordable peripherals are at risk....

[T]his compromise does not necessarily mean a complicated virus installed through a backdoor — it can be as simple as an infected FOSS that requires high-frequency mouse data, like creative apps or video games. This means it's not unusual for the software to gather this data. From there, the collected raw data can be extracted from the target computer and processed off-site. "With only a vulnerable mouse, and a victim's computer running compromised or even benign software (in the case of a web-based attack surface), we show that it is possible to collect mouse packet data and extract audio waveforms," the researchers state.

The researchers created a video with raw audio samples from various stages in their pipeline on an accompanying web site where they calculate that "the majority of human speech" falls in a frequency range detectable by their pipeline. While the collected signal "is low-quality and suffers from non-uniform sampling, a non-linear frequency response, and extreme quantization," the researchers augment it with "successive signal processing and machine learning techniques to overcome these challenges and achieve intelligible reconstruction of user speech."

They've titled their paper Invisible Ears at Your Fingertips: Acoustic Eavesdropping via Mouse Sensors. The paper's conclusion? "The increasing precision of optical mouse sensors has enhanced user interface performance but also made them vulnerable to side-channel attacks exploiting their sensitivity."

Thanks to Slashdot reader jjslash for sharing the article.
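
A toy model of the two hardware properties the summary names, DPI and polling rate, as an added example that is not from the paper or the article. The noiseless sensor, the 2 micrometre vibration amplitude and all function names are assumptions made for illustration; it shows that a low-DPI sensor reports nothing for a vibration smaller than one count, and that a low polling rate cannot tell a 300 Hz vibration from a 50 Hz one.

```python
import math

MICROMETRES_PER_INCH = 25400.0

def mouse_reports(dpi, poll_hz, tone_hz, displacement_um=2.0, seconds=0.2):
    """Toy noiseless sensor. The desk surface moves as a sine wave of
    displacement_um micrometres (constructed value, not a measurement).
    Each poll reports the integer count change since the previous poll."""
    amp_counts = dpi * displacement_um / MICROMETRES_PER_INCH
    reports, prev = [], 0
    for i in range(1, round(poll_hz * seconds) + 1):
        pos = round(amp_counts * math.sin(2 * math.pi * tone_hz * i / poll_hz))
        reports.append(pos - prev)
        prev = pos
    return reports

def nonzero_fraction(reports):
    """Share of polls that carry any movement at all."""
    return sum(1 for r in reports if r != 0) / len(reports)

def distinguishable(dpi, poll_hz, tone_a_hz, tone_b_hz):
    """True if the two vibration frequencies yield different report streams."""
    return (mouse_reports(dpi, poll_hz, tone_a_hz)
            != mouse_reports(dpi, poll_hz, tone_b_hz))

if __name__ == "__main__":
    # DPI sets how many counts a given physical vibration produces.
    for dpi in (800, 20000):
        frac = nonzero_fraction(mouse_reports(dpi, 8000, 300))
        print(f"{dpi:>6} DPI @ 8000 Hz: {frac:.0%} of polls report movement")
    # Polling rate sets the band in which frequencies stay unambiguous.
    for poll_hz in (125, 1000, 8000):
        ok = distinguishable(20000, poll_hz, 300, 50)
        print(f"{poll_hz:>5} Hz polling: 300 Hz vs 50 Hz distinguishable = {ok}")
```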
  • by hadleyburg ( 823868 ) on Sunday October 05, 2025 @07:02PM (#65705748)

    That's amazing.

    Although I feel confident that my rickety old mouse would give pretty poor reception...

    • It's also yet another y'all-watch-this paper, one of many, many published every year. Cool trick and a nice piece of work, but nothing to see here in practice.
      • I look forward to reading a novel where some enterprising hacker uses the mouse sensor connected to a PC in the next room to eavesdrop on a top secret conversation while daydreaming about tangential topics in a rambling, all encompassing way.
          • I guess the point is not about having your mouse physically present in the room but having a website or any game opened remotely and being able to eavesdrop on the person without them enabling microphone access and not knowing about this risk
          • Whoa, that's some new kind of phreaky shit! [wikipedia.org]

            ;-)

          • by Rei ( 128717 )

            I did some proof of concept tests with both Pointer Lock and PointerEvents, but both failed because you don't get *any* data if you're not moving the mouse, and only get (heavily rounded) datapoints when you do move the mouse. You'd need raw access to data coming from the mouse, before even the mouse driver, to do what they did.

            You *might* be able to pull off a statistical attack, collecting noise in the fluctuations of movement positions and timing in the data you receive when the mouse *is* moving. But I

            • In any case you don't need to worry about it, if the NSA really wants to listen in they can just use their

              or even their

              It's a good thing they haven't got their

              running yet or you wouldn't even be able to read this.

      • Audio is used to break airgaps and exfiltrate data. Security guidelines include mic discipline for good reasons. They don't (yet) include making sure the mouse can't be used to record audio.

        I expect updates to guidelines that include not using gaming mice.

    • by antdude ( 79039 ) on Sunday October 05, 2025 @10:17PM (#65706044) Homepage Journal
    • by Z00L00K ( 682162 )

      Extrapolate that a bit and this could be used to determine which key that's pushed on your keyboard for passwords, or even another device in the vicinity.

    • Your spying mouse is listening to everything, just waiting for an opportunity to rat you out.

  • That seems like something completely useless. Probably designed for wannabe "progamers".

    • More likely designed for gamers, I'd think. They seem most likely to believe that more is always better.

      • by PPH ( 736903 )

        These gamers are fooling themselves (as usual). If you have a mouse sensitive enough to pick up sound waves, then your gaming mouse is going to be bounced around by ambient noise, thus making that sensitivity useless.

        I'd guess that good gaming engines incorporate some sort of low pass filtering plus quantization to minimize this noise. The mouse hardware itself might support such high resolution/sampling rate. And a surveillance app could make use of it. But buying hardware much better than what a game sup

    • Apparently all the big brands have a model in that range already. Not saying it's useful, but gamers might have one.

      * ASUS ROG Gladius III Wireless: 26000 dpi
      * Corsair Sabre RGB Pro Wireless: 26000 dpi
      * Logitech G Pro X Superlight: 25600 dpi
      * Razer Deathadder V2: 20000 dpi

      (2022) https://www.sportskeeda.com/ga... [sportskeeda.com]

      • by gweihir ( 88907 )

        Well. Why am I not surprised. I usually run my mouse at 400...800dpi and that is already pretty high.

        But yes, that makes this attack viable: People obsessed with numbers and no understanding of meaning...

        • I usually have 800-1200, but DPI and polling aren't the same thing. I may be wrong, but I'm pretty sure that the mouse is still polling at the max speed but only reporting at the adjusted DPI rate.

          Which just means that gaming mice shouldn't be used in secure settings.

          Also, gaming mice usually have onboard non-volatile memory. They could come pre-infected.

          • DPI and polling aren't the same thing.

            Only one of the mice specifies a polling rate in the link above, and it's 2 kHz, which is enough to capture some voice frequencies.
            The good old Logitech G502 is 1 kHz and available for like 10 years, so I have no doubt today's top is 2 kHz or more.

            • And I guess it doesn't help that I'm mixing up DPI and polling, despite looking at the right words while screwing it up. Doh!

              Yeah, I don't know if 20kHz polling is even possible. My keyboard does 1, 2 or 4kHz, I think my Razer Basilisk V3 is limited to 2, but I'm not certain. I see people talk about 8, but 20? No, I must have pulled that directly from my rear end.

          • I got this backwards at least! I apologize to everyone for being dumb.

            Which I realize will come as a surprise. Yes, even I can be dumb sometimes.

            Feel free to reply with your favorite example, or just random insults.

    • Well you can get a mouse with a resolution of over 25,000 DPI for $70 so it's not like it's much of a flex. 44,000 DPI can be had for under $200. Usually it's marketed for precision control in games.

      However most of these are limited to a 1000Hz report rate, you need an especially high-end mouse to get a higher report rate.

      • by gweihir ( 88907 )

        Yes, but why would you even make that a selection criterion? It does not provide anything. Human motoric pretty much has something like 100dpi resolution, max, if trained.

  • Actually, if a mouse can be used as a microphone, perhaps a microphone can be used as a mouse...

    Top gamers might be able to get pretty good resolution out of that.

  • It was known in the 80s that you could bounce an infrared laser off a window or surface in a room that you had a window to and could hear talking. It used to be a common spy trick, probably still is, but it is well known now so maybe not.

    But yeah, I always wonder if that would work. I have also seen exploits where capacitors become microphones. And it can be picked up by software based on fluctuation in voltage.

  • Why does the "Threat Model" diagram start with FOSS delivering the data to the bad actor?

    • It doesn't.

      It starts with a virus injected via a web ad. The FOSS example is just to illustrate that that isn't even necessary. Even something as benign as a Counterstrike can be used to listen to you if you have a good enough mouse.

  • Place a speaker face down on the table, repeatedly playing something like a Rick Astley song.

  • high security places need to switch to track balls

    • by tlhIngan ( 30335 )

      It's not the mouse tracking system, it's the buttons - they're basically force sensors to give you variable click durations. Just like the high end keyboards have individually adjustable activation distances (a lot from 0.2mm to 3.8mm key travel), the mouse buttons are the same.

      So now the click point is based on how hard you push the button, making it basically an analog force sensor. Which if polled at 8000Hz, is basically a low quality microphone.

      By contrast, the tracking camera on your mouse is really on

  • "infected FOSS that requires high-frequency mouse data, like creative apps or video games" - sounds like fiction written by some AI that had access to an old and just partial history of IT. Who even uses terms like "creative app" and "video game" in the same sentence? One is from a kid waiting to get his hands on an iPhone, the other from a 60 year old who has never seen a first person shooter but is pondering about phosphor coatings burn-in on his screen.
    • It is silly. Especially since the malicious software will read the mouse at the full rate, whether or not it appears to need it. It could be a coupon finder extension in a browser. It could be a file renaming tool. It could be a purple ape that walks around your desktop. Could be a clock widget. Doesn't matter.
  • I guess Scotty was just a few years early trying to talk to the mouse: https://youtu.be/QpWhugUmV5U?t... [youtu.be]
  • I've noticed that sometimes when playing loud music my computer will wake up. My best guess is that the vibrations are generating mouse movement events and deactivating the screen blanker. Annoying.

  • My mouse will provide you with the audio from video games, old Doctor Who episodes, and the occasional muttered obscenity. Hope you like Pertwee and Bellwright!
  • So...surface vibrations from nearby speech can be picked up by the optical sensor in a mouse, filtered with some clever signal processing, and turned into intelligible audio—without any microphone or elevated system privileges. By combining Wiener filtering, resampling corrections, and a small transformer network modeled after Whisper, the researchers achieved roughly 40–60% speech recognition accuracy from desk vibrations alone.

    Some people are calling this a cute academic stunt. I get that
