I'm Not a Human: Breaking the Google Recaptcha

by Iasonas Polakis & Suphannee Sivakorn

Since their inception, captchas have been widely used for preventing fraudsters from performing illicit actions. Nevertheless, economic incentives have resulted in an arms race, where fraudsters develop automated solvers and, in turn, captcha services tweak their design to break the solvers. Recent work, however, presented a generic attack that can be applied to any text-based captcha scheme. Fittingly, Google recently unveiled the latest version of reCaptcha. The goal of their new system is twofold: to minimize the effort for legitimate users, while requiring tasks that are more challenging to computers than text recognition. ReCaptcha is driven by an "advanced risk analysis system" that evaluates requests and selects the difficulty of the captcha that will be returned. Users may be required to click a checkbox, or identify images with similar content.

In this paper, we conduct a comprehensive study of reCaptcha, and explore how the risk analysis is influenced by each aspect of the request. Through extensive experimentation, we identify flaws that allow adversaries to effortlessly influence the risk analysis process, bypass restrictions, and deploy large-scale attacks. Subsequently, we design a novel low-cost attack that leverages deep learning technologies for the semantic annotation of images. Our system is extremely effective, automatically solving 70.78% of the image reCaptcha challenges, while requiring only 19 seconds per challenge. We also apply our attack to the Facebook image captcha and achieve an accuracy of 83.5%. Based on our experimental findings, we propose a series of safeguards and modifications for impacting the scalability and accuracy of our attacks. Overall, while our study focuses on reCaptcha, our findings have wide implications; as the semantic information conveyed via images is increasingly within the realm of automated reasoning, the future of captchas relies on the exploration of novel directions.
Comments

the sound quality is really bad. She was right in the beginning when she mentioned it ...

theitalian

The cookie thing was one of the closely guarded secrets of BH SEO. These guys just blew it away. I wonder how long Google will take to patch that hole.

galileo_rs

5:31 automatic subtitles: "we guess what kind of shit does Google do"

konstantingeist

So how can I pass through recaptcha in sites?

danieldimitrov

this is triggering. Everytime the recaptcha no captcha thing appears, it asks me to do a lot of stuff. they think im a bot!!!11!1 Gugal nubz

botty

Someone should invent a plugin that categorises all recaptcha images and when they've been completed once by a user then completes that image for other users (with small variations to avoid exactness detection).

Kie-

simple, dont use a proxy. if google sense ur under MITM it always gives you this.

nuclearfootball

Amazing presentation. Covered everything that I would mention when trying to crack a captcha. My very first thought on the Image ones were to use Google reverse Image search. Thank you for showing some alternatives with Keywords though!

PhiManLP

So. They poked a locked door with a stick and punched a hole right through. Then they went to a store and politely asked the staff to help them rob it. And the staff helped them. Computers are weird.

АндрейБеньковский-шк

hi i need to contact this woman can any one have her email

ahmedimadeddinemekhellet

Singapore girls are smart. And funny too

xl

My brain hurts with this Chinese speaking chicken.

JohnSmith-bxgf