Password extraction via reconstructed wireless mouse trajectory

Xian Pan, Zhen Ling, Aniket Pingley, Wei Yu, Nan Zhang, Kui Ren, Xinwen Fu

Research output: Contribution to journalArticlepeer-review

9 Scopus citations


Logitech made the following statement in 2009: 'Since the displacements of a mouse would not give any useful information to a hacker, the mouse reports are not encrypted.' In this paper, we prove the exact opposite is true - i.e., it is indeed possible to leak sensitive information such as passwords through the displacements of a Bluetooth mouse. Our results can be easily extended to other wireless mice using different radio links. We begin by presenting multiple ways to sniff unencrypted Bluetooth packets containing raw mouse movement data. We then show that such data may reveal text-based passwords entered by clicking on software keyboards. We propose two attacks, the prediction attack and replay attack, which can reconstruct the on-screen cursor trajectories from sniffed mouse movement data. Two inference strategies are used to discover passwords from cursor trajectories. We conducted a holistic study over all popular operating systems and analyzed how mouse acceleration algorithms and packet losses may affect the reconstruction results. Our real-world experiments demonstrate the severity of privacy leakage from unencrypted Bluetooth mice. We also discuss countermeasures to prevent privacy leakage from wireless mice. To the best of our knowledge, our work is the first to demonstrate privacy leakage from raw mouse data.

Original languageEnglish (US)
Article number7061471
Pages (from-to)461-473
Number of pages13
JournalIEEE Transactions on Dependable and Secure Computing
Issue number4
StatePublished - Jul 1 2016

All Science Journal Classification (ASJC) codes

  • Computer Science(all)
  • Electrical and Electronic Engineering


Dive into the research topics of 'Password extraction via reconstructed wireless mouse trajectory'. Together they form a unique fingerprint.

Cite this