Researchers at UC Irvine have uncovered a significant security vulnerability in high-performance optical gaming mice with polling rates of 4,000 Hz or higher, which can be exploited to eavesdrop on user speech by detecting acoustic vibrations transmitted through the work surface.

This method, called Mic-E-Mouse, uses the sensitive sensors in these mice to capture vibrations and reconstruct speech with an accuracy ranging from 42% to 61%, making it a notable but imperfect eavesdropping tool.

The attack can be executed via software exploits embedded in open-source applications, video games, or high-performance software, especially since these mice are increasingly affordable and accessible, with some models costing under $50.

The vulnerability is particularly concerning because these high-end mice, often used in gaming and high-performance environments, contain sensors sampling data up to 8,000 times per second, capable of detecting subtle vibrations.

Frequency analysis shows that most human speech, between 200Hz and 2000Hz, falls within the detectable range of the system, and visual demonstrations support the capability to reconstruct speech from mouse sensor data.

While the audio recognition accuracy is between 42% and 61%, the pipeline significantly improves audio signal quality, achieving an 80% speaker recognition accuracy and a 16.79% word error rate.

This development raises serious concerns about acoustic privacy violations in the age of AI, prompting calls for future protective measures.

The concept echoes Cold War espionage devices, such as the KGB's passive microphone embedded in a replica of the Great Seal, activated via high-frequency signals.

The threat model targets environments where high-frequency mouse data collection is less suspicious, and the attack can operate with compromised or benign software, collecting data remotely without alerting the user.

Security recommendations to mitigate this risk include blacklisting vulnerable devices, creating approved peripheral lists, and releasing firmware updates to prevent data exposure.

The attack exploits the increasing affordability of advanced mice with sensitive sensors, which are now widely available and pose expanded attack surfaces for consumers, companies, and governments.

Major manufacturers like Logitech, Razer, and Corsair produce these sensors, with some based in the Bay Area, and their mice can sample data at rates up to 8,000 times per second, enabling vibration analysis.

Researchers have developed a signal processing and machine learning pipeline that reconstructs intelligible speech from mouse sensor data despite challenges like noise, quantization, and non-uniform sampling.