Researchers at the University of California have just published a study warning that computer mice that are used for pinching and rolling can be exploited as a listening device.
The technique called Mic‐E‐Mouse uses the sensitivity of sensors in mice to detect the smallest sound vibration, then restore and decode the user's dialogue.
According to the research team, optical/vortical vibration sensors or IMUs in some mice can record vibrations caused by sound on the surface, enough to impress a temporary microphone if the attacker controls the system.
The attack process includes collecting vibration signals, filtering the noise with a Wiener filter, then moving through an AI-based identification modular to restore words.
In some tests, the team said they had a voice recognition accuracy of about 61%, while the numbers were encoded more easily, which poses a special risk for digital information such as pin code or credit card number.
To promote, attackers must first infect the victim's computer, such as installing software to collect sensor data. In other words, this is not an attack that only requires transmission of waves from the outside.
In addition, the ability to collect is greatly reduced if the rat is placed on a soft surface such as a rat mat or towel... or environmental noise also weakens the decoding effect.
Physical conditions and the need to penetrate the system make Mic‐E‐Mouse difficult to do on a large scale, but not impossible.
The highlight of the study is the warning that peripheral devices that are less noticed in security systems can become sophisticated data leakage channels.
In many organizations, virus-destroying software or end point management solutions rarely scan or monitor the behavior of peripheral sensors, creating vulnerabilities for attackers to exploit.
The research team recommended preventive measures, including: software updates, limiting access to peripheral devices, monitoring unusual driver/ control program behavior, and considering the location of the rat in a sensitive environment.
While Mic‐E‐Mouse is unlikely to become an immediate threat, the study provides an important warning, not only in software and passwords but also in the small devices around us.
