Stanford Computer Researchers Decode Internet Security Code

By

Computer researchers at the Stanford Security Laboratory have created a computer program to decode audio CAPTCHAs on website account registration forms, thus revealing a security flaw that leaves users vulnerable to automated attacks.

CAPTCHA, which stands for Completely Automated Public Turing Test to tell Computers and Humans Apart, is a computer program meant to identify humans. It is a widespread security system used by websites to determine whether a user is actually human.  

There are two types of CAPTCHA programs. One deals with wavy images and the other is concerned with audio. In case of wavy images, if a user registers for online access to a website, it is likely he or she is required, as part of the process, to correctly read a group of distorted letters and numbers on the screen. That's a simple test to prove you are a human, not a computer program with malicious intent. Though computers are good at filling out forms, they struggle to decipher these wavy images crisscrossed with lines. This process is known as CAPTCHA, according to the researchers.

The audio CAPTCHA is designed to help the visually impaired. It requires users to accurately listen to a string of spoken letters and/or numbers disguised with background noise.

According to Stanford researchers, they have found an audible security flaw in the audio CAPTCHA.

Now computer science professor John Mitchell and postdoctoral researcher Elie Bursztein, along with other staff members of the Stanford Security lab, have built a computer program that can correctly decipher commercial audio CAPTCHA used by Digg, eBay, Microsoft, Yahoo and reCAPTCHA, a company that creates CAPTCHAs. The results were presented during a symposium on security and privacy in Oakland, Calif.

The Stanford program is called DeCAPTCHA, and it successfully decoded Microsoft's audio CAPTCHA about 50 percent of the time, said the researchers. However, decoding reCAPTCHA’s codes was not easy. According to the researchers, “they correctly broke only about one percent of reCAPTCHA's codes, the most difficult ones of those tested.” But the Stanford researchers believe that even this small success rate is considered trouble for websites such as YouTube and Facebook that get hundreds of millions of visitors each day.

"In the battle of humans versus computers, we lost round one for audio captchas," Bursztein said. "But we have a good idea of what round two should be," added Bursztein.

To test the program, the researchers generated 4 million audio CAPTCHAs mixed with white noise, echoes or music. After training DeCAPTCHA with some samples, they found that the program easily decoded CAPTCHAs mixed with static or repetition with a 60 to 80 percent success rate. But, with background music, the task was more difficult.


Ashok Bindra is a veteran writer and editor with more than 25 years of editorial experience covering RF/wireless technologies, semiconductors and power electronics. To read more of his articles, please visit his columnist page.

Edited by Rich Steeves
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

TechZone360 Contributor

SHARE THIS ARTICLE
Related Articles

Shabodi Accelerates Adoption of Network-Aware Applications with CAMARA API Enterprise Reference Implementation

By: Special Guest    2/16/2024

Shabodi, an Application Enablement Platform (AEP) provider unleashing advanced network capabilities in LTE, 5G, 6G, and Wi-Fi 6, announced they have l…

Read More

How Much Does Endpoint Protection Cost? Comparing 3 Popular Solutions

By: Contributing Writer    2/2/2024

Endpoint protection, also known as endpoint security, is a cybersecurity approach focused on defending computers, mobile devices, servers, and other e…

Read More

What Is Databricks? Simplifying Your Data Transformation

By: Contributing Writer    2/2/2024

Databricks is an innovative data analytics platform designed to simplify the process of building big data and artificial intelligence (AI) solutions. …

Read More

What Is Blue/Green deployment?

By: Contributing Writer    1/17/2024

Blue/green deployment is a software release management strategy that aims to reduce downtime and risk by running two identical production environments…

Read More

The Threat of Lateral Movement and 5 Ways to Prevent It

By: Contributing Writer    1/17/2024

Lateral movement is a term used in cybersecurity to describe the techniques that cyber attackers use to progressively move through a network in search…

Read More