Researchers at UC Irvine uncovered a vulnerability that enables some gaming mice with polling rates of 4,000 Hz or higher — many of which are developed in the Bay Area — to be turned into spyware, capturing conversations through desk vibrations using AI.

As Tom’s Hardware reports, security researchers from the University of California Irvine found a way to use high-end optical gaming mice containing advanced sensors that can sample data up to 8,000 times per second, per Hoodline, to record users’ conversations via desk vibrations. They then used artificial intelligence to decode the vibrations with an accuracy of about 42 to 61%, as detailed in the group’s paper, aptly titled, Mic-E-Mouse.

Tom’s Hardware explains that the vulnerability can occur when a user connects their gaming mouse to a computer that’s been compromised, which frequently happens via infected free and open source software like creative apps or video games.

"With only a vulnerable mouse, and a victim’s computer running compromised or even benign software (in the case of a web-based attack surface), we show that it is possible to collect mouse packet data and extract audio waveforms," the researchers write.

As Hoodline reports, Sunnyvale-based PixArt Imaging manufactures some of the sensors used in the vulnerable gaming mice, many of which are developed by Bay Area companies, including Milpitas-based Cosair, San Jose’s Logitech, and Razer, which is based in Irvine but has offices in San Francisco, per Hoodline.

Hoodline notes that the researchers discovered the quality of the audio transmissions was degraded significantly when users’ conversations were kept below 60-80 decibels and if they utilized thick or rigid surfaces like signal-absorbing mouse pads. They also suggest security measures for companies, such as blacklisting vulnerabilities, compiling approved peripheral lists, and releasing firmware updates that limit data exposure, per Hoodline.

Image: Viper 8K Hz, one of the vulnerable mice tested in the research; Razer