Audio CAPTCHA easily cracked
Written by Andrew Johnson   
Friday, 27 May 2011

Many websites rely on CAPTCHA to distinguish genuine humans from bots and malware. Now researchers have devised software that can be trained to decipher and defeat audio CAPTCHAs.

 

CAPTCHAs are those frustrating tests that ask you to type in characters that correspond to words that have been obscured or defaced by graffiti.

The idea is this task should be easy for humans and impossible for non-humans but to assist the visually impaired many CAPTCHAs offer an audio alternative, in which a computerized voice reads out letters or digits distorted by noise, and these have been proved to be vulnerable to machine recognition.  

 

captcha

 

Decaptcha is a system to defeat audio CAPTCHAs based on non-continuous speech (i.e. a series of digits or letters rather than spoken words). Devised by a team of computer scientists who presented their research at this week's IEEE Symposium on Security and Privacy in Oakland California, it uses audio-processing techniques to remove the noise and identify the digits.

The software has to be trained, a process that takes around 20 minutes for each type of CAPTCHA, but then can solve CAPTCHAs without human assistance.

The software has proved effective against the systems currently used by eBay (82% accuracy), Microsoft (49%) and Yahoo (45%) but has has much less success with reCAPTCHA which uses background conversations to obscure the digits.

Even so with a success rate of 1.5%, a machine that made hundreds of attempts would quite quickly make a correct match - and would probably have more success than humans who also find reCAPTCHA difficult to decipher.

The researchers conclude that the use of "semantic noise" - i.e. noise such as background conversations or music is the least harmful to human understanding
at levels while also being most able to hinder Decaptcha’s performance.

Full research report:

The Failure of Noise-Based Non-Continuous Audio Captchas

 

Banner


The Feds Want Us To Move On From C/C++
13/11/2024

The clamour for safe programming languages seems to be growing and becoming official. We have known for a while that C and C++ are dangerous languages so why has it become such an issue now and is it  [ ... ]



52nd Mersenne Prime Found
27/10/2024

It has been nearly six years since the last Mersenne prime was discovered. Now, at last, we have Mersenne prime number 52 and it has 41,024,320 digits!


More News


Last Updated ( Saturday, 28 May 2011 )