Audio CAPTCHA easily cracked
Written by Andrew Johnson   
Friday, 27 May 2011

Many websites rely on CAPTCHA to distinguish genuine humans from bots and malware. Now researchers have devised software that can be trained to decipher and defeat audio CAPTCHAs.

 

CAPTCHAs are those frustrating tests that ask you to type in characters that correspond to words that have been obscured or defaced by graffiti.

The idea is this task should be easy for humans and impossible for non-humans but to assist the visually impaired many CAPTCHAs offer an audio alternative, in which a computerized voice reads out letters or digits distorted by noise, and these have been proved to be vulnerable to machine recognition.  

 

captcha

 

Decaptcha is a system to defeat audio CAPTCHAs based on non-continuous speech (i.e. a series of digits or letters rather than spoken words). Devised by a team of computer scientists who presented their research at this week's IEEE Symposium on Security and Privacy in Oakland California, it uses audio-processing techniques to remove the noise and identify the digits.

The software has to be trained, a process that takes around 20 minutes for each type of CAPTCHA, but then can solve CAPTCHAs without human assistance.

The software has proved effective against the systems currently used by eBay (82% accuracy), Microsoft (49%) and Yahoo (45%) but has has much less success with reCAPTCHA which uses background conversations to obscure the digits.

Even so with a success rate of 1.5%, a machine that made hundreds of attempts would quite quickly make a correct match - and would probably have more success than humans who also find reCAPTCHA difficult to decipher.

The researchers conclude that the use of "semantic noise" - i.e. noise such as background conversations or music is the least harmful to human understanding
at levels while also being most able to hinder Decaptcha’s performance.

Full research report:

The Failure of Noise-Based Non-Continuous Audio Captchas

 

Banner


CISA Offers More Support For Open Source
22/03/2024

The Cybersecurity and Infrastructure Security Agency (CISA) has announced a number of key actions that they hope will improve the open source ecosystem.



Running PostgreSQL Inside Your Browser With PGLite
18/03/2024

Thanks to WebAssembly we can now enjoy PostgreSQL inside the browser so that we can build reactive, realtime, local-first apps directly on Postgres. PGLite is about to make this even easier.


More News


Last Updated ( Saturday, 28 May 2011 )