Stanford Computer Researchers Decode Internet Security Code

By

Computer researchers at the Stanford Security Laboratory have created a computer program to decode audio CAPTCHAs on website account registration forms, thus revealing a security flaw that leaves users vulnerable to automated attacks.

CAPTCHA, which stands for Completely Automated Public Turing Test to tell Computers and Humans Apart, is a computer program meant to identify humans. It is a widespread security system used by websites to determine whether a user is actually human.  

There are two types of CAPTCHA programs. One deals with wavy images and the other is concerned with audio. In case of wavy images, if a user registers for online access to a website, it is likely he or she is required, as part of the process, to correctly read a group of distorted letters and numbers on the screen. That's a simple test to prove you are a human, not a computer program with malicious intent. Though computers are good at filling out forms, they struggle to decipher these wavy images crisscrossed with lines. This process is known as CAPTCHA, according to the researchers.

The audio CAPTCHA is designed to help the visually impaired. It requires users to accurately listen to a string of spoken letters and/or numbers disguised with background noise.

According to Stanford researchers, they have found an audible security flaw in the audio CAPTCHA.

Now computer science professor John Mitchell and postdoctoral researcher Elie Bursztein, along with other staff members of the Stanford Security lab, have built a computer program that can correctly decipher commercial audio CAPTCHA used by Digg, eBay, Microsoft, Yahoo and reCAPTCHA, a company that creates CAPTCHAs. The results were presented during a symposium on security and privacy in Oakland, Calif.

The Stanford program is called DeCAPTCHA, and it successfully decoded Microsoft's audio CAPTCHA about 50 percent of the time, said the researchers. However, decoding reCAPTCHA’s codes was not easy. According to the researchers, “they correctly broke only about one percent of reCAPTCHA's codes, the most difficult ones of those tested.” But the Stanford researchers believe that even this small success rate is considered trouble for websites such as YouTube and Facebook that get hundreds of millions of visitors each day.

"In the battle of humans versus computers, we lost round one for audio captchas," Bursztein said. "But we have a good idea of what round two should be," added Bursztein.

To test the program, the researchers generated 4 million audio CAPTCHAs mixed with white noise, echoes or music. After training DeCAPTCHA with some samples, they found that the program easily decoded CAPTCHAs mixed with static or repetition with a 60 to 80 percent success rate. But, with background music, the task was more difficult.


Ashok Bindra is a veteran writer and editor with more than 25 years of editorial experience covering RF/wireless technologies, semiconductors and power electronics. To read more of his articles, please visit his columnist page.

Edited by Rich Steeves
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

TechZone360 Contributor

SHARE THIS ARTICLE
Related Articles

The Role of Knowledge Sharing Technology in Call Centre Management

By: Contributing Writer    6/21/2024

In the dynamic environment of call centres, the efficient management of information can significantly enhance service delivery and customer satisfacti…

Read More

Augmented Reality Gets an Upgrade as Result of New Partnership Between Lumus and AddOptics

By: Alex Passett    6/20/2024

Lumus and AddOptics - the former an AR optics company developing reflective wavelength tech, the latter an AR lens/smart-wear prescription provider - …

Read More

The Rise of Eco-Apps: Hear How Technology is Helping Us Live Greener Lives

By: Contributing Writer    6/17/2024

In recent years, technology has revolutionized how we approach sustainability. One of the most significant developments in this realm is the advent of…

Read More

Introducing the Newest Addition to ITEXPO #TECHSUPERSHOW: Enterprise Cybersecurity Expo

By: TMCnet News    6/11/2024

TMC today announced the launch of Enterprise Cybersecurity Expo, set to take place from February 11-13, 2025, in Fort Lauderdale, Florida, at the Brow…

Read More

The Shifting Landscape: Emergent Technological Paradigms in Online Sports Wagering

By: Contributing Writer    6/7/2024

In the ever-evolving sphere of online sports wagering, technological advancements have been instrumental in reshaping the landscape, altering how enth…

Read More