How your mouse could eavesdrop on you and rat you out The mouse sitting next to you can be turned into a microphone thanks to some cunning use of its sensors to pick up vibrations from your voice in an attack dubbed Mic-E-Mouse. Researchers at UC Irvine have found that optical mice equipped with 20,000 DPI sensors and decent latency can be used as a basic microphone with software …
Reading keystrokes is mentioned in the article, I also recall a episode of Spooks (MI:5) doing something similar by getting a target to retype a CV or Resume with a "calibrated test phrase" so they could "read" what he was typing into documents & emails.
Icon is not being used in its usual context.
No need to have someone to talk to; it's the frame for the next extortion business. Instead of asking for my money to not distribute footage of my inexistent webcam, it will be "we recorded the sound of you watching contemporary interactive adult entertainment and detected rhythmic hand movement...
Sounds like it just vibration, so the mouse will stay in the same position. They need 20000 dpi because the vibrations are very small. If you talk loud enough maybe the Amazon Basic mouse would do!
Makes me wonder what DPI my mouse is - sometimes I'll see my display power up randomly when I'm away from the keyboard. I've always assumed the reason was that some subtle mouse event was registered. Never considered that as a viable attack vector lol
Yes, proprietary malware is often claimed to be "open source", as that encourages people to install it without thinking - many malicious companies use that trick.
Still, I haven't yet seen any proprietary malware program claim to be free software that respect the users freedom and well; https://www.gnu.org/fun/jokes/evilmalware.html
Not to me, but I will acknowledge that my hearing isn't what it used to be.
That said, if each key does sound different, then each keyboard sounds different as well. Seems to be a bit difficult to have a standard library, so it means calibrating the keys to specific frequencies.
Okay, congrats on having found a new attack vector, even if it is only 60% reliable.
Still, this whole thing stikes me as a bit of intellectual masturbation. If you can get malware onto a PC via an pseudo-open-source program, you've got better things to do than listen to mouse vibrations.
To stymie the keyboard-listening attack, perhaps this? Leroy Anderson - The Typewriter
' "each key sounds different"
Not to me, '
Every ski-lift tower sounds different. Each one has its own individual pattern of squeaks and chirps from the rotating pulleys.
Given that human-scale observation, I'm quite willing to believe that keyboard keys have differences that happen to be below my ears' and nervous system's resolution.
It's not only the key that sounds differnetly, due to the physical position on the resonant keyboard body (filll your keyboard with concrete! For saftety! Let's see my colleagues nicking a keyboard now![*]), but also the different way you hit them with the finger[+], maybe unless you are doing the eagle-circling-search-system. This has been a known attack vector (microphone based, but also by laser scanning windows) for several years, at least I recall having read a bunch of articles on ElReg about this. And let's face it: since I cannot hear the difference in magical audio connects I probalbly don't hear theat difference as well ;) I also prefer using a trackball, because I'm weird.
And thanks, now I want to go skiing. Though I prefer actually walking up rather than lifts, it's what living in Norway does to you, fjellski for the win!
[*] "You took my keyboard!" - "It's a company one, so they are all the same" - "no, not this one..."
[+] we all know that certain keys just don't react the same way to key presses - in extreme cases this results in missing letters on shitty keyboards, I'm looking at the crap Fujitsu is pushing on the laptops, FFS, it's not that difficult!
A Practical Deep Learning-Based Acoustic Side Channel Attack on Keyboards
Does it help the user in any way or is it just so you jump to the top of the list sorted by resolution? I doubt any human can move their hand to within a 20000th of an inch.
So stupid tech enables snooping while providing nothing of value to the user?
Well done.
No really, well done!
If you've already managed to breech the computer and are detecting mouse input, there's no need to listen for keystrokes, just intercept those too. But listening to general audio in the environment is another matter.
If you can hack the mouse then you can hack the laptop's mic, I would have thought. OK in super secure environments there would be no mic connected to a PC.
But the really interesting thing is the filtering & AI. For many decades there has been successful spying on in-room conversations by bouncing invisible laser light off a window, long before it was possible to fish meaning out of the noisy vibrations using the amount of compute mentioned in this article. It now looks like it will be child's play to do this and existing prevention measures may be well under-specified.
These researchers should be offered jobs at GCHQ.
The same GCHQ where end point security on their devices was somewhat lax?
might be immune to this attack.
I have seen at least one bright young thing reprogram their keyboard to a completely idiosyncratic key mapping. One supposes at one extreme of a spectrum but I would not think one of the usual spectral suspects. Where's the E key today ? ;)
My collection of mice is decidedly of the very cheap and nasty - more inches per dot than dpi - and only serve to move the text cursor between windows or panes.
I should grasp the nettle and embrace CWM but too old or lazy. I recall in the early days of Windows part of the IBM CUA had key bindings for moving the cursor between windowing elements but I imagine MS dumped those eons ago — don't even know if alt·f4 still works.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
