Google's Audio CAPTCHA Falls To Automated Attack

SkiifGeek writes "Early in March, Wintercore Labs published proof of a generic approach to defeating audio CAPTCHAs, using Google's as the case study for their demonstration. With claims of over 90% success rate and expectations that this can be significantly improved with the right mix of filtering algorithms, the in-house tool remains unreleased. But it shouldn't take long for other developers to create their own tools and start targeting not only Google, but other sites that use audio CAPTCHAs for the vision-impaired. It isn't the first time that major sites (significantly major webmail providers) have had their CAPTCHAs broken, but it is the first reporting of defeating an audio CAPTCHA using a generic software approach. News about the discovery is slowly starting to spread."

Spread the love

[snarfies]

"News about the discovery is slowly starting to spread."

And, thanks to Slashdot, news about the discovery is now RAPIDLY spreading.

Are all audio CAPTCHAs failures?

[MrCrassic]

So given that (I assume) all audio CAPTCHAs have the same problem (i.e., the numbers and clearer voices can easily be found using audio analysis), does that mean that all audio-based CAPTCHAs are bound to fail?

Re:probably borrowing from IVR technology

[natebarney]

four quadrillion three hundred fifty-two trillion one hundred twelve billion five hundred forty-two million six hundred ninety-five thousand and one And what's the three digit security code?

Re:captchas are obsolete

[mapkinase]

Multiple choice are just silly. If there are 5 choices, in about ~5 tries the robot will pass the protected entrance.

Re:More easier to detect a bot

[Keichann]

If only somebody could distribute their bots into a kind of network? Then you'd get traffic arriving from all over the place, that would be significantly more difficult to detect!

Quick, mod this post down, in case a neer-do-well were to get any ideas.