#side-channel-attack

#side-channel-attack

Microsoft has disclosed details of a novel side-channel attack targeting remote language models that could enable a passive adversary with capabilities to observe network traffic to glean details about model conversation topics despite encryption protections under certain circumstances. This leakage of data exchanged between humans and streaming-mode language models could pose serious risks to the privacy of user and enterprise communications, the company noted. The attack has been codenamed Whisper Leak.

The new attack, named Pixnapping by the team of academic researchers who devised it, requires a victim to first install a malicious app on an Android phone or tablet. The app, which requires no system permissions, can then effectively read data that any other installed app displays on the screen. Pixnapping has been demonstrated on Google Pixel phones and the Samsung Galaxy S25 phone and likely could be modified to work on other models with additional work.

What makes this attack practical is the sensitivity of today's mice, both their high polling rate (the frequency at which they sample movement, measured in kHz), and the resolution with which they detect movement, measured in dots per inch (DPI).

The mouse sitting next to you can be turned into a microphone thanks to some cunning use of its sensors to pick up vibrations from your voice in an attack dubbed Mic-E-Mouse. Researchers at UC Irvine have found that optical mice equipped with 20,000 DPI sensors and decent latency can be used as a basic microphone with software designed to figure out speech patterns based on the vibration of the user's voice. The team used a $35 mouse to test the system and found it could capture speech with 61 percent accuracy, depending on voice frequency.

Researchers at UC Irvine uncovered a vulnerability that enables some gaming mice with polling rates of 4,000 Hz or higher many of which are developed in the Bay Area to be turned into spyware, capturing conversations through desk vibrations using AI. As Tom's Hardware reports, security researchers from the University of California Irvine found a way to use high-end optical gaming mice containing advanced sensors that can sample data up to 8,000 times per second, per Hoodline, to record users' conversations via desk vibrations.