Computer researchers at the Stanford Security Laboratory have created a computer program to decode audio CAPTCHAs on website account registration forms, thus revealing a security flaw that leaves users vulnerable to automated attacks.
CAPTCHA, which stands for Completely Automated Public Turing Test to tell Computers and Humans Apart, is a computer program meant to identify humans. It is a widespread security system used by websites to determine whether a user is actually human.
There are two types of CAPTCHA programs. One deals with wavy images and the other is concerned with audio. In case of wavy images, if a user registers for online access to a website, it is likely he or she is required, as part of the process, to correctly read a group of distorted letters and numbers on the screen. That's a simple test to prove you are a human, not a computer program with malicious intent. Though computers are good at filling out forms, they struggle to decipher these wavy images crisscrossed with lines. This process is known as CAPTCHA, according to the researchers.
The audio CAPTCHA is designed to help the visually impaired. It requires users to accurately listen to a string of spoken letters and/or numbers disguised with background noise.
According to Stanford researchers, they have found an audible security flaw in the audio CAPTCHA.
Now computer science professor John Mitchell and postdoctoral researcher Elie Bursztein, along with other staff members of the Stanford Security lab, have built a computer program that can correctly decipher commercial audio CAPTCHA used by Digg, eBay, Microsoft, Yahoo and reCAPTCHA, a company that creates CAPTCHAs. The results were presented during a symposium on security and privacy in Oakland, Calif.
The Stanford program is called DeCAPTCHA, and it successfully decoded Microsoft's audio CAPTCHA about 50 percent of the time, said the researchers. However, decoding reCAPTCHA’s codes was not easy. According to the researchers, “they correctly broke only about one percent of reCAPTCHA's codes, the most difficult ones of those tested.” But the Stanford researchers believe that even this small success rate is considered trouble for websites such as YouTube and Facebook that get hundreds of millions of visitors each day.
"In the battle of humans versus computers, we lost round one for audio captchas," Bursztein said. "But we have a good idea of what round two should be," added Bursztein.
To test the program, the researchers generated 4 million audio CAPTCHAs mixed with white noise, echoes or music. After training DeCAPTCHA with some samples, they found that the program easily decoded CAPTCHAs mixed with static or repetition with a 60 to 80 percent success rate. But, with background music, the task was more difficult.
Antivirus software is not enough. Apex Technology Services used its decades of IT and cybersecurity
experience to create budget-friendly network security packages every company needs.
Please take a moment to fill out your information so we can contact you directly regarding your request.
Shabodi, an Application Enablement Platform (AEP) provider unleashing advanced network capabilities in LTE, 5G, 6G, and Wi-Fi 6, announced they have l…
Endpoint protection, also known as endpoint security, is a cybersecurity approach focused on defending computers, mobile devices, servers, and other e…
Databricks is an innovative data analytics platform designed to simplify the process of building big data and artificial intelligence (AI) solutions. …
Blue/green deployment is a software release management strategy that aims to reduce downtime and risk by running two identical production environments…
Lateral movement is a term used in cybersecurity to describe the techniques that cyber attackers use to progressively move through a network in search…