Google's Audio CAPTCHA Falls To Automated Attack

SkiifGeek writes "Early in March, Wintercore Labs published proof of a generic approach to defeating audio CAPTCHAs, using Google's as the case study for their demonstration. With claims of over 90% success rate and expectations that this can be significantly improved with the right mix of filtering algorithms, the in-house tool remains unreleased. But it shouldn't take long for other developers to create their own tools and start targeting not only Google, but other sites that use audio CAPTCHAs for the vision-impaired. It isn't the first time that major sites (significantly major webmail providers) have had their CAPTCHAs broken, but it is the first reporting of defeating an audio CAPTCHA using a generic software approach. News about the discovery is slowly starting to spread."

Solving CAPTCHAs is a waste of time

[sakdoctor]

Apart from OCRing books, I can't think of anything else that is not a total waste of human time. How about meta-moderating as a CAPTCHA activity; probably too fuzzy to work to a reasonable degree of accuracy.

Basically I think the arms race is already over, and a new paradigms is needed,

Re:probably borrowing from IVR technology

[Qzukk]

IVR works as well as it does because it only has to understand numbers when it's expecting numbers and words when it's expecting words (and then only the words it expects to hear, try yelling "banana" at one). Also try calling your credit card company and telling it your card number is four quadrillion three hundred fifty-two trillion one hundred twelve billion five hundred forty-two million six hundred ninety-five thousand and one.

If your audio captcha reads each letter one at a time, then your "IVR" only has to be able to distinguish 26 sounds (36 if you have digits too).

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:More easier to detect a bot

[Gavagai80]

In the case of a high profile target like gmail, they're doing it from thousands of IPs in a botnet.