Greeks broke Google & Facebook CAPTCHA

Three security researchers have devised a new automated which can break the CAPTCHA systems used by Google and Facebook.CAPTCHA

The researchers used a large number of actors to carry out their attack and bypass CAPTCHA security measures (, tokens). They used machine learning to “guess” the correct CAPTCHA image with a very high degree of accuracy.

The results of this new attack were much better than expected. In the reCAPTCHA by Google, the researchers recorded a success rate of 70,78% on over 2.235 CAPTCHAs. The average CAPTCHA solving time was 19,2 seconds.

On Facebook, the researchers had a better success rate where they caught a 83,5% over 200 CAPTCHAs.

The best accuracy rate in solving Facebook CAPTCHAs stems from the fact that the uses images with higher , και απεικονίζει αντικείμενα από διαφορετικές κατηγορίες. Η Google, από την άλλη πλευρά, χρησιμοποιεί φωτογραφίες χαμηλής ποιότητας, που πάντα σχετίζονται μεταξύ τους, γεγονός που καθιστά την image classification much more difficult.

Researchers have provided Google and Facebook with the findings of their study and say that Google has taken some steps to re-security the reCAPTCHA while Facebook has not yet answered them.

The researchers are: Suphannee Sivakorn, Jason Polakis, and Angelos D. Keromytis and their research is called I Am Robot: (Deep) Learning to Break Semantic Image CAPTCHAs, and is available on the section's page Of Computer Science of the University of Columbia. Another copy is also available through Black Hat Asia 2016 where the attack was presented.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).