Mic-E-Mouse – Covert Eavesdropping Through Computer Mice
Posted3 months agoActive3 months ago
sites.google.comTechstory
skepticalmixed
Debate
60/100
Computer SecurityEavesdroppingMalware
Key topics
Computer Security
Eavesdropping
Malware
Researchers demonstrate a method to covertly eavesdrop through computer mice, sparking discussion on the feasibility and potential vectors of such an attack.
Snapshot generated from the HN discussion
Discussion Activity
Moderate engagementFirst comment
49m
Peak period
8
0-3h
Avg / period
2.8
Comment distribution14 data points
Loading chart...
Based on 14 loaded comments
Key moments
- 01Story posted
Oct 5, 2025 at 9:34 PM EDT
3 months ago
Step 01 - 02First comment
Oct 5, 2025 at 10:23 PM EDT
49m after posting
Step 02 - 03Peak activity
8 comments in 0-3h
Hottest window of the conversation
Step 03 - 04Latest activity
Oct 7, 2025 at 11:41 AM EDT
3 months ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
ID: 45486825Type: storyLast synced: 11/20/2025, 12:47:39 PM
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.
(If you also didn't notice the pun, it would sound like "Mickey Mouse" if you pronounced "mic" the way it's written instead of the correct way).
Yeah right, FOSS is famous for just accepting pull requests with exploits from randos.
LGTM YOLO fuck it, ship it, move fast and break things — wait, that one isn't FOSS.
Anyway .
It’s a bit ironic in the sense that the EXACT logic of what you’re saying here is precisely what makes it such an ideal thing to target.
I think sometimes people put way too much faith into the concept of open source as being some kind of meaningful shield against attacks like this. Like absolutely nobody in an intel background for example who does stuff like this for a living would agree with you.
It only ever needs to look plausible and I don’t think it’s all that complicated a problem to come up with a reason as to why you’re introducing some code that is suddenly very focused on reading mouse sensor data.
....and then what?
Reading the data alone does nothing.
Sending that data to your own servers would be a harder thing to obfuscate.
My comments: yes, because exploits being injected into open-source software are famous for not being discovered. Obviously it can happen (look at xz, or the recent Shai-Hulud worm on NPM), and it's entirely possible that it has happened to other places that weren't discovered. But with xz the exploit was caught quickly enough that it didn't reach production, and with Shai-Hulud it was contained within days despite having the potential to spread to every package. I doubt that anyone trying to stick this kind of thing into open-source software would get away with it. Closed-source software, OTOH, would be a far more likely distribution vector. Just persuade some overworked dev that he should use this handy library that tracks high-precision mouse movement in his game, and you've injected your exploit.
I'm a bit puzzled how "secure environment" has a direct connection to "data collection" and "adversary".
While I'm sure (by numbers) a lot of people play video games, I would bet percentage wise that a lot more people open webpages.
A pretty good malware distribution method would be having people download a ‘demo’ of this, right?