Watch Out for This Mouse Trap

Do you hear that? No, for once it is not the sound of Disney’s lawyers scrambling to see if they can put together a successful trademark infringement case. It is your own voice, and it was recorded with the help of your computer mouse, which a group of engineers at the University of California, Irvine has repurposed to eavesdrop on your every conversation.

This exploit, called Mic-E-Mouse, may have a cute name, but for those that get bit by it, it is anything but cute. Mic-E-Mouse relies on the high-resolution optical sensors commonly found in mice today. As it turns out, when your mouse is sitting idle on your desk, it is doing more than you probably think. Every vibration of your desk surface, even those caused by nearby voices, is registered as subtle movements by its optical sensor.

It is this observation that the researchers pounced on. They realized that these vibrations would carry a signal representing voices. However, that raw signal proved to be of very poor quality. But with a novel signal processing and machine learning pipeline, the team showed that speech could be reconstructed — albeit imperfectly.

Modern optical sensors sample the surface under the mouse thousands of times per second. When someone nearby speaks, those sound waves can travel through a desk and induce tiny transverse and longitudinal vibrations in the surface. The mouse’s sensor, which is essentially a tiny, high-speed camera, records minute shifts between frames. Those shifts normally translate into cursor movement; in Mic-E-Mouse they become raw vibration data.

Collecting that raw data is easier than you might expect. The researchers point out that user-space software on common operating systems can log high-frequency mouse events without elevated privileges. Many libraries and services (e.g., X11, Qt, GTK, SDL) can be abused to capture the needed data streams. The team demonstrated several plausible collection vectors: a patched open-source game that quietly sends mouse data to a server, exploited telemetry endpoints in graphical apps, and other user-space logging approaches.

But non-uniform sampling, quantization noise, and nonlinear frequency response make direct listening impossible. To restore intelligibility, the researchers built an end-to-end pipeline. It cleans data with Wiener filtering and resampling corrections, then applies an encoder-only spectrogram neural filter to tease out speech features. Under controlled conditions they reported signal-to-noise improvements up to +19 dB and achieved speech recognition rates around 42% to 61% on benchmark datasets.

Unlike the mouse after which the exploit was named, Mic-E-Mouse isn’t magic; it requires just the right conditions, like a high-DPI, high-poll-rate sensor, a relatively thin desk that transmits vibrations, and limited mouse movement during capture. But even still, this is something to be aware of. And as is usually the case with technology, the method is likely to improve over time.

To combat future problems, developers will have to consider better locking down who can access high-frequency mouse events and reducing polling rate and resolution where possible. Users can also take measures to dampen desk vibrations through the use of mouse pads and heavier desks. Unfortunately, we can no longer consider ourselves safe after locking down our microphones and cameras.