Hello,
I figured it might be of interest to people here, abit old news but recently the research paper was finally published:
News: How your mouse could eavesdrop and rat you out • The Register
Research paper: Invisible Ears at Your Fingertips: Acoustic Eavesdropping via Mouse Sensors
Demo video: https://www.youtube.com/watch?v=CY7Z37Ul8aQ
PoC repo: GitHub - AICPS/Mic-E-Mouse: Repository Containing Implementations and experiments related to the Mic-E-Mouse side-channel attack(s).
Regards
Sounds like another reason to use qubes 
This might allow to bypass the “allow microphone” from any qube so not sure Qubes OS actually protects from it, unless it also uses something like keycloak but for mouse too.
From the article:
For the attack to work, a miscreant must first infect the computer
Qubes should limit attack surface, right? The adversary would have to find a vulnerability to infect sys-usb or dom0. I dont think one can intercept mouse data by infecting my isolated sketchy-malware_disp1841 qube
It’s still much better than having any conventional system, because
As long as an attacker doesn’t control sys-usb and is able to somehow exfiltrate data from it despite lack of network connection, qubes should be resistant.
An attack with a malicious usb drive could be useful here. An attack on sys-usb that manages a USB network interface could be even better.
I’ll give it some noise to record. Too bad it can’t smell.
As you’ve correctly said in 1. there’s no absolute need to be able to access sys-usb for this attack.
However the new kloak/input delay feature should help against it, if it’s enabled (it’s not by default).