ABSTRACT
CAPTCHA is a standard security technology that presents tests to tell computers and humans apart. In this paper, we examine the security of a new CAPTCHA that was deployed until very recently by Megaupload, a leading online storage and delivery website. The security of this scheme relies on a novel segmentation resistance mechanism. However, we show that this CAPTCHA can be segmented using a simple but new automated attack with a success rate of 78%. It takes about 120 ms on average to segment each challenge on a standard desktop computer.
Index Terms
- The robustness of a new CAPTCHA