How a trio of hackers brought Google’s reCAPTCHA to its knees

    0
    104

    The background noise added to the audio version of Google’s reCAPTCHA didn’t include high frequencies, making it easy for histograms like this one to pinpoint the six distinct words included in each challenge.

    Google revamped its reCAPTCHA system, used to block automated scripts from abusing its online services, just hours before a trio of hackers unveiled a free system that defeats the widely used challenge-response tests with more than 99 percent accuracy.

    Stiltwalker, as the trio dubbed its proof-of-concept attack, exploits weaknesses in the audio version of reCAPTCHA, which is used by Google, Facebook, Craigslist and some 200,000 other websites to confirm that humans and not scam-bots are creating online accounts. While previous hacks have also used computers to crack the Google-owned CAPTCHA (short for Completely Automated Public Turing test to tell Computers and Humans Apart) system, none have achieved Stiltwalker’s impressive success rate.

    “The primary thing which makes Stiltwalker stand apart is the accuracy,” wrote Adam, one of the three hackers who devised the attack, in an e-mail. “According to the lead researcher from the Carnegie Mellon study, the system we attacked was believed to be ‘secure against automatic attack,'” he added, referring to this resume from a Carnegie Mellon University computer scientist credited with designing the audio CAPTCHA.

    Read more | Comments

    Visit link:
    How a trio of hackers brought Google’s reCAPTCHA to its knees

    LEAVE A REPLY

    Please enter your comment!
    Please enter your name here

    *

    This site uses Akismet to reduce spam. Learn how your comment data is processed.