This article describes the process logic and some details behind the breach of the “audio validation” option in Google reCaptcha. Its trajectory-tracking validation (the signature “I’m not a robot” check) remains difficult to crack.

ReCaptcha, as its name suggests, is an ambitious effort by Google to redefine captcha services. However, no wall is impenetrable: even a company as powerful as Google falls behind if it stops advancing.

A team from the University of Maryland reportedly designed an automated attack program that cracked Google’s reCaptcha service with 85% accuracy.

The program, called unCaptcha by the team’s researchers, can break the “voice verification” option in Google reCaptcha.

In 2014, Google introduced a captcha service called reCaptcha among its public services in response to bots, such as automated registration tools that can create hundreds of spam accounts at once. CAPTCHA is an abbreviation of “Completely Automated Public Turing test to tell Computers and Humans Apart”. “reCaptcha” is the name Google has given to its own verification technology, which identifies real human logins using images, audio or text. (The “re” prefix reflects Google’s ambition to redefine captcha services.)

“We verified unCaptcha’s capabilities through more than 450 tests on various websites and found that the average time to crack unCaptcha was just 5.42 seconds, the pass rate was 85.15 percent,” University of Maryland researchers Kevin Bock, Daven Patel, George Hughey and Dave Levin wrote in their report.

Rather than using text recognition, unCaptcha exploits the voice verification option that reCaptcha provides. The Maryland researchers explained: “A proportion of visually impaired users are unable to use captcha with words or images, which leads to voice authentication.”

The published information makes it clear that the voice verification method has fairly obvious weaknesses: the cost of breaking it is not very high and the success rate is high, so bypassing it in bulk is very likely. In contrast, Google’s signature trajectory-tracking verification, “I’m not a robot,” still has a relatively high cost of bypass and a low success rate, and the technology remains relatively stable. At present, few security vendors in the world offer a commercial verification service based on trajectory-tracking technology. Domestic mainstream captcha products, such as top image, collect user behavior and environment information and combine it with models and risk-control analysis to distinguish humans from machines.

UnCaptcha integrates an online speech-to-text engine with advanced audio mapping technology, according to the study. First, the researchers used a browser automation plug-in to select the “voice validation” option in Google reCaptcha and download the sound file. A free speech-to-text service on the Internet then recognizes the contents of the sound file.

“After mapping each part of the audio, we combine the recognition results into an answer,” the researchers wrote. “When such a string of candidate characters is assembled, unCaptcha types the answer organically (through a uniform timing mechanism between each character) into the fill out box and hits the ‘submit’ key.”
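From the defender's side, the workflow described above leaves two observable traces: evenly spaced keystrokes in the answer box, and an answer that arrives sooner than the audio clip could have been played. The sketch below is an added example, not code from the article, the unCaptcha project or Google; the field names, thresholds and sample sessions are constructed assumptions.

```python
from statistics import mean, pstdev

# Assumed thresholds for illustration; tune them on real traffic.
MIN_GAP_CV = 0.15   # coefficient of variation of inter-key gaps below this is "uniform"
MIN_GAPS = 3        # need a few gaps before judging typing rhythm


def audio_solve_signals(audio_len_s, key_times_s, submit_time_s):
    """Return the reasons one audio-challenge solve looks automated.

    All times are seconds since the audio challenge was served.
    """
    reasons = []
    gaps = [b - a for a, b in zip(key_times_s, key_times_s[1:])]
    if len(gaps) >= MIN_GAPS:
        avg = mean(gaps)
        # avg == 0 means every key arrived at once (scripted fill): treat as uniform.
        cv = pstdev(gaps) / avg if avg > 0 else 0.0
        if cv < MIN_GAP_CV:
            reasons.append("uniform_keystroke_timing")
    # A downloaded clip can be transcribed faster than it plays back.
    if submit_time_s < audio_len_s:
        reasons.append("answered_before_playback_could_finish")
    return reasons


def triage(sessions):
    """Map session id -> reasons, for sessions with at least one signal."""
    flagged = {}
    for s in sessions:
        reasons = audio_solve_signals(
            s["audio_len_s"], s["key_times_s"], s["submit_time_s"])
        if reasons:
            flagged[s["id"]] = reasons
    return flagged


# Constructed sample telemetry (not real traffic).
SAMPLE_SESSIONS = [
    {"id": "s-bot", "audio_len_s": 8.0, "submit_time_s": 3.6,
     "key_times_s": [3.0, 3.1, 3.2, 3.3, 3.4, 3.5]},
    {"id": "s-human", "audio_len_s": 8.0, "submit_time_s": 12.1,
     "key_times_s": [9.2, 9.55, 9.7, 10.4, 10.62, 11.3]},
]

if __name__ == "__main__":
    print(triage(SAMPLE_SESSIONS))
```

Neither signal is conclusive on its own; they are inputs to the kind of behavior-plus-risk-control scoring the article mentions, not a verdict.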

This is not the first time Google reCaptcha has been breached. In March, researchers at east-EE, a security website, detailed a way to circumvent Google’s verification using Google’s own web tools. The tool, called ReBreakCaptcha, attacks Google’s verification service with a script that captures reCaptcha voice verification files using Google’s own API, then uses speech-to-text technology to generate text answers and fill in the answer boxes.

In addition, at the Black Hat Asia conference in 2016, a team of researchers from Columbia University presented a paper called “I am Not Human: Cracking the Google reCaptcha”. The paper claims that, using their automated recognition technology, reCaptcha image verification can be cracked in 19 seconds per challenge, with a 70.78% success rate.

www.4hou.com/info/news/8…