Mic-E-Mouse – Covert eavesdropping through computer mice

https://sites.google.com/view/mic-e-mouse

38•davekeck•2h ago

Comments

rmunn•1h ago

I've known that the correct pronunciation of "mic" was to sound like "mike" (because it's short for "microphone") for so long that the pun in the "Mic-E-Mouse" name escaped me until after I finished reading the article.

(If you also didn't notice the pun, it would sound like "Mickey Mouse" if you pronounced "mic" the way it's written instead of the correct way).

krackers•33m ago

The "mickey" is also the unit used for mouse speed.

pfexec•1h ago

The author theorizes that games are an ideal malware delivery vehicle but... aren't games typically connected to a user's headset/mic regardless?

I'm a bit puzzled how "secure environment" has a direct connection to "data collection" and "adversary".

privatelypublic•1h ago

Lets ignore the open source FUD in the diagram.

alterom•36m ago

"Our delivery vehicle is FOSS"

Yeah right, FOSS is famous for just accepting pull requests with exploits from randos.

LGTM YOLO fuck it, ship it, move fast and break things — wait, that one isn't FOSS.

Anyway .

rmunn•34m ago

Quote from the article (emphasis in original): "Our target for a suitable exploit delivery vehicle is open-source applications where the collection and distribution of high-frequency mouse data is not inherently suspicious. Therefore, creative software, video games, and other high performance, low latency software are an ideal targets for injecting our exploit."

My comments: yes, because exploits being injected into open-source software are famous for not being discovered. Obviously it can happen (look at xz, or the recent Shai-Hulud worm on NPM), and it's entirely possible that it has happened to other places that weren't discovered. But with xz the exploit was caught quickly enough that it didn't reach production, and with Shai-Hulud it was contained within days despite having the potential to spread to every package. I doubt that anyone trying to stick this kind of thing into open-source software would get away with it. Closed-source software, OTOH, would be a far more likely distribution vector. Just persuade some overworked dev that he should use this handy library that tracks high-precision mouse movement in his game, and you've injected your exploit.

Searching 'George Washington' on DuckDuckGo changes the logo

Tracking Stealth Fighters with cheap cameras [video]

Internet Archive – Celebrating 1T Web Pages Archived

Show HN: Soravideodownloader.com – A tool to save Sora videos and prompts

Find Nearby Automated License Plate Readers (ALPR)

VC Dogmas in AI That Don't Matter When You're Bootstrapped

The true cost of cyber hacking on businesses

The Server in the Closet

Vibe Coding Breakpoints: Where No-Code Projects Break – and How to Build Smarter

Tsujigiri

Why We Need SIMD

Hopefully the Most Gentle Introduction to Simulation

Building Effective Text-to-3D AI Agents: A Hybrid Architecture Approach

Bird Photographer of the Year Gives a Lesson in Planning and Patience

Brr: An Antarctica Blog

The Integral Guide to Well-Being

Mesa Project Adds Code Comprehension Requirement After AI Slop Incident

Illinois Utility Pilots Vehicle-to-Grid Program With Electric School Buses

Powerful Cartels Are Building a Gold Mining Empire [video]

AgentCursor – Make the browser automation scripts move the cursor like a human

Programming in Assembly without an Operating System [video]

Between 1875 and 1925, 80k tigers were killed in India under British rule

Releasing New Chat System

Reaction Time Test

Memory Tagging Explained: Why the iPhone 17 Is a Cybersecurity Game-Changer [video]

Revocation Confusion

I Miss Web 2.0

The Open Source macOS Window Manager app, MacsyZones 1.9 is released

'Determination and ingenuity': Australia's oldest man just turned 112

Embracing the parallel coding agent lifestyle