How Hackers Listened Their Way Around Google's Recaptcha 101
Posted
by
timothy
from the listen-to-what-the-flower-children-scream dept.
from the listen-to-what-the-flower-children-scream dept.
An anonymous reader writes with this story at Ars Technica: "Three self-taught hackers from the DC949 hacker collective managed to use a combination of techniques to beat ReCaptcha with 99.1% accuracy (better than most humans!)" In short, the hackers skipped the visual part of the Recaptcha system entirely, focusing on the audio alternative, which gave them a few convenient angles of attack. Google responded with changes to the system, but that doesn't minimize their accomplishment.
Singularity (Score:4, Insightful)
Since they beat the Turing Test, this means we've reached the AI singularity... right?
Snake meet tail (Score:5, Insightful)
I realized there's an interesting aspect to this, in that gVoice transcription is actively trying to do basically the same thing these guys did* (albeit in a far more general way). Wonder how gVoice would do transcribing google's own recaptcha audio. Someone go try that. Either way though, it's an interesting dilemma if they ever got automatic transcription good enough to defeat these audio recaptchas.
* Well, after RTFA, I realize that a fair bit of what they did was actually more related to hashing (and the pseudo-random generator) vs actually trying to parse the audio, but still.
Re:Another solution.. (Score:5, Insightful)
Reminds me of the story of the guy who would play 8 games of chess simulataneously in an octagon and absolutely guarantee he'd win 50% of the games at least.
He then proceeded to play the moves of the players opposite each other against each other.
I bet Siri could solve it. (Score:4, Insightful)
I bet Siri could solve it.
All the voice tools out there could be harnessed to this sad end.
Re:How far behind were the criminals/spammers? (Score:5, Insightful)
Because even a very "high" accuracy machine system is still going to add a significant barrier to automatically cracking the results, especially if Google continues altering reCAPTCHA like they do. While you won't eliminate 100% of attackers, you can eliminate the vast majority, and slow down the attackers that do get through. The alternative is to use nothing, and believe me: you absolutely do not want that. The Internet would be 99.99999999% spam almost overnight if that happened.
Re:How far behind were the criminals/spammers? (Score:5, Insightful)
Now it appears that machines can beat captcha and recaptcha very easily. So WHY do we still see these schemes in use?
Could you give me your address, and let me know when you won't be home? (I presume you no longer lock your house.)