Researchers Fool ReCAPTCHA With Google's Own Speech-To-Text Service (vice.com) 31
Researchers at the University of Maryland have managed to trick Google's reCaptcha system by using Google's own speech-to-text service. "[The researchers] claim that their CAPTCHA-fooling method, unCaptcha, can fool Google's reCaptcha, one of the most popular CAPTCHA systems currently used by hundreds of thousands of websites, with a 90 percent success rate," reports Motherboard. From the report: The researchers originally developed UnCaptcha in 2017, which uses Google's own free speech-to-text service to trick the system into thinking a robot is a human. It's an oroborus of bots: According to their paper, UnCaptcha downloads the audio captcha, segments the audio into individual digit audio clips, uploads the segments to multiple other speech-to-text services (including Google's), then converts these services' responses to digits. After a little homophone guesswork, it then decides which speech-to-text output is closest to accurate, and uploads the answer to the CAPTCHA field. This old method returned an 85% success rate.
After the release of that version of unCaptcha, Google fixed some of the loopholes that made it work, including better browser automation detection and switching to spoken phrases, rather than digits. The researchers claim that their new method, updated in June, gets around these improvements and is even more accurate than before, at 90 percent. "We have been in contact with the ReCaptcha team for over six months and they are fully aware of this attack," the researchers write. "The team has allowed us to release the code, despite its current success."
After the release of that version of unCaptcha, Google fixed some of the loopholes that made it work, including better browser automation detection and switching to spoken phrases, rather than digits. The researchers claim that their new method, updated in June, gets around these improvements and is even more accurate than before, at 90 percent. "We have been in contact with the ReCaptcha team for over six months and they are fully aware of this attack," the researchers write. "The team has allowed us to release the code, despite its current success."
Is there any way to make it play itself? (Score:2)
"Yes. Number of players: zero"
Suspenseful music begins
Re: (Score:2)
Mongo only pawn in cave of life (Score:1)
Mongo upset at neo-trogs with keyboards, how make fire? Mystery anger! Must smash cave-diploma, but cannot find! Mongo know, will whine online somehow anyway. Cave irony... Mongo no sympathy, Mongo sad about Mongo.
Sad cave.
Fermi's Great Filter. (Score:2)
Success rate (Score:3)
Re: (Score:2)
So what I want to know is when they'll make their tool available to us regular humans (or reasonable facsimiles thereof )
A bit late? (Score:2)
Aren't they a bit late in this hack? Just a few months ago we had this story about how google is redesigning the recaptcha to not even require user interaction anymore:
https://tech.slashdot.org/stor... [slashdot.org]
So it sounds like they are hacking an old version that is already in the process of being retired.
Re: Google being in too many places (Score:3)
It's time for President Trump to get out his trust-busting stick. Break up Alphabet!
Android - separate company
Chrome - separate company
YouTube - separate company
Gmail - separate company
Search - separate company
Advertising - separate company
Maps - separate company
Break up Alphabet now! Stop Google before it's too late!
Blind and deaf defeat ReCaptcha! (Score:2)
The real issue is that audio of a CAPTCHA (for blind accessibility) defeats the CAPTCHA. The second part is speech-to-text (for deaf accessibility) brings it full circle. What they really need is a true audio version of CAPTCHA that speech-to-text is likely to flub.
Omnipotence Paradox (Score:2)
Can Google design a CAPTCHA that's too difficult for their text-to-speech to read?
Re: (Score:2)
Can Google design a CAPTCHA that's too difficult for their text-to-speech to read?
Google isn't reading its own CAPTCHA, they generate it and offer a speech version for accessibility to the visually impaired. It's not very difficult to create some horribly mangled text though, the problem is creating one that untrained, average humans can solve but computers don't. CloudFlare at some point went overboard [imgur.com] on this, resulting in CAPTCHAs that were near impossible for a human to reliably read. And bots don't care if they have a mediocre success rate, for humans it's extremely frustrating to t