unCAPTCHA: Google was quick to celebrate the security offered by its reCAPTCHA service, a system that automatically recognizes that you are not a bot.
A team of researchers from the University of Maryland has developed a new algorithm, which they named unCAPTCHA. The new algorithm can defeat Google's reCAPTCHA system with a success rate of 85 percent. The method exploits a vulnerability in the audio version of reCAPTCHA.
The researchers used browser automation software to analyze the necessary data and determine the numbers reported by Google. They then submitted these numbers programmatically, with the intention of fooling the criteria by which Google's AI distinguishes bots from humans.
To make this happen, the AI they developed exploits several known flaws in Google's security system to significantly reduce reCAPTCHA's level of suspicion.
Most impressively, the researchers used a number of audio transcription services to beat the system. Curiously, these services were IBM, Google Cloud and Speech Recognition, Sphinx, Wit-AI, and also Bing Speech Recognition. So, in a sense, the researchers used Google technology to hack Google technology.
Following the disclosure of this flaw in April, the researchers report that the Big G has added some additional protections that limit the success rate of unCAPTCHA.
"For example, Google has also improved browser automation detection. In addition, we have noticed that some sounds include not only digits but also small excerpts of spoken text."
The researchers have since released the complete PoC in a paper where you can see all the details [PDF]. The paper was officially presented at USENIX WOOT '17, held in Vancouver.