Stanford Computer Researchers Decode Internet Security Code

By Ashok Bindra November 04, 2011

Computer researchers at the Stanford Security Laboratory have created a computer program to decode audio CAPTCHAs on website account registration forms, thus revealing a security flaw that leaves users vulnerable to automated attacks.

CAPTCHA, which stands for Completely Automated Public Turing Test to tell Computers and Humans Apart, is a computer program meant to identify humans. It is a widespread security system used by websites to determine whether a user is actually human.  

There are two types of CAPTCHA programs. One deals with wavy images and the other is concerned with audio. In case of wavy images, if a user registers for online access to a website, it is likely he or she is required, as part of the process, to correctly read a group of distorted letters and numbers on the screen. That's a simple test to prove you are a human, not a computer program with malicious intent. Though computers are good at filling out forms, they struggle to decipher these wavy images crisscrossed with lines. This process is known as CAPTCHA, according to the researchers.

The audio CAPTCHA is designed to help the visually impaired. It requires users to accurately listen to a string of spoken letters and/or numbers disguised with background noise.

According to Stanford researchers, they have found an audible security flaw in the audio CAPTCHA.

Now computer science professor John Mitchell and postdoctoral researcher Elie Bursztein, along with other staff members of the Stanford Security lab, have built a computer program that can correctly decipher commercial audio CAPTCHA used by Digg, eBay, Microsoft, Yahoo and reCAPTCHA, a company that creates CAPTCHAs. The results were presented during a symposium on security and privacy in Oakland, Calif.

The Stanford program is called DeCAPTCHA, and it successfully decoded Microsoft's audio CAPTCHA about 50 percent of the time, said the researchers. However, decoding reCAPTCHA’s codes was not easy. According to the researchers, “they correctly broke only about one percent of reCAPTCHA's codes, the most difficult ones of those tested.” But the Stanford researchers believe that even this small success rate is considered trouble for websites such as YouTube and Facebook that get hundreds of millions of visitors each day.

"In the battle of humans versus computers, we lost round one for audio captchas," Bursztein said. "But we have a good idea of what round two should be," added Bursztein.

To test the program, the researchers generated 4 million audio CAPTCHAs mixed with white noise, echoes or music. After training DeCAPTCHA with some samples, they found that the program easily decoded CAPTCHAs mixed with static or repetition with a 60 to 80 percent success rate. But, with background music, the task was more difficult.


Ashok Bindra is a veteran writer and editor with more than 25 years of editorial experience covering RF/wireless technologies, semiconductors and power electronics. To read more of his articles, please visit his columnist page.

Edited by Rich Steeves

TechZone360 Contributor

SHARE THIS ARTICLE
Related Articles

Mist Applies AI to Improve Wi-Fi

By: Paula Bernier    11/9/2017

Mist has created an AI-driven wireless platform that puts the user and his or mobile device at the heart of the wireless network. Combining machine le…

Read More

International Tech Innovation Growing, Says Consumer Technology Association

By: Doug Mohney    11/8/2017

The Consumer Technology Association (CTA) is best known for the world's largest trade event, but the organization's reach is growing far beyond the CE…

Read More

Broadcom Makes Unsolicited $130B Bid for Qualcomm

By: Paula Bernier    11/6/2017

In what could result in the biggest tech deal in history, semiconductor company Broadcom has made an offer to buy Qualcomm for a whopping $130 billion…

Read More

How Google's 'Moonshot' Could Benefit Industrial Markets

By: Kayla Matthews    10/30/2017

The term "moonshot" encapsulates the spirit of technological achievement: an accomplishment so ambitious, so improbable, that it's equivalent to sendi…

Read More

After Cisco/Broadsoft, Who's Next for M&A?

By: Doug Mohney    10/27/2017

Cisco's trail of acquisition tears over the decades includes the Flip video camera, Cerent, Scientific Atlantic, Linksys, and a couple of others. The …

Read More