High-end computer mice can be used to eavesdrop on the voice conversations of nearby PC users, researchers from the University of California, Irvine, have shown in a new proof-of-concept demonstration.

Given the catchy name ‘Mic-E-Mouse’ (Microphone-Emulating Mouse), the ingenious technique outlined in Invisible Ears at Your Fingertips: Acoustic Eavesdropping via Mouse Sensors is based on the discovery that some optical mice pick up incredibly small sound vibrations reaching them through the desk surfaces on which they are being used.

These vibrations could then be captured by different types of software on PC, Mac or Linux computers, including non-privileged ‘user space’ programs such as web browsers or games engines or, failing that, privileged components at OS kernel level.

Although the captured signals were inaudible at first, the team were able to enhance them using Wiener and neural network statistical filtering to boost signal strength relative to noise.

As the video demonstration of this process shows, this made it possible to extract spoken words from an eavesdropped data stream that at first sounded impossibly muffled.

“Through our Mic-E-Mouse pipeline, vibrations detected by the mouse on the victim user’s desk are transformed into comprehensive audio, allowing an attacker to eavesdrop on confidential conversations,” the researchers wrote.

Moreover, they said, this type of attack would be undetectable by defenders: “This process is stealthy since the vibrations signals collection is invisible to the victim user and does not require high privileges on the attacker’s side.”

Side channel weakness

The technique is the latest example of a side channel attack as evidenced by a growing body of research looking at how components used for one purpose — a mouse, say — can inadvertently leak information in an unintended way.

But is an attack based on this methodology possible under real-world conditions?

What makes this attack practical is the sensitivity of today’s mice, both their high polling rate (the frequency at which they sample movement, measured in kHz), and the resolution with which they detect movement, measured in dots per inch (DPI).

The higher the polling rate and resolution, the more sensitive the mice become to sound. “Ultimately, these developments entail an increased usage of vulnerable mice by consumers, companies, and government entities, expanding the attack surface of potential vulnerabilities in these advanced sensor technologies,” said the researchers.

However, there are important caveats that limit the scope of Mic-E-Mouse. The noise level of the environment being eavesdropped upon must be low, with desks no more than 3cm thick, and with the mouse mostly stationary to isolate voice vibrations.

The researchers also used mice with a DPI of at least 20,000, significantly above that of the average mouse in use today.

Under real-world conditions, extracting voice data would be possible but challenging. Attackers would likely only be able to capture some conversation, rather than everything being said.

Another weakness is that defending against it wouldn’t be difficult: using a rubber pad or mouse mat under a mouse would stop vibrations from being picked up.

Nevertheless, the technique demonstrates that mice should now be added to the growing list of computer peripherals susceptible to side channel data extraction under specific circumstances.

Previous research on audio side-channel attacks has largely focused on moving data the other way, from electrical signals to sound, as a way to escape air-gapped networks — for example through the use of speakers as both transmitters and receivers, or controlling the sounds generated by computer power supplies (PSUs).

Conventional eavesdropping techniques involve placing incredibly small sensors in valuable locations, which is why Papal Conclaves have for at least 20 years carefully swept all objects in the Sistine Chapel for covert listening devices.