Slashdot Mirror

← Back to Stories (view on slashdot.org)

How Hackers Listened Their Way Around Google's Recaptcha

Posted by timothy on from the listen-to-what-the-flower-children-scream dept.

An anonymous reader writes with this story at Ars Technica: "Three self-taught hackers from the DC949 hacker collective managed to use a combination of techniques to beat ReCaptcha with 99.1% accuracy (better than most humans!)" In short, the hackers skipped the visual part of the Recaptcha system entirely, focusing on the audio alternative, which gave them a few convenient angles of attack. Google responded with changes to the system, but that doesn't minimize their accomplishment.

6 of 101 comments (clear)

  1. Singularity by MrEricSir · · Score: 3, Insightful

    Since they beat the Turing Test, this means we've reached the AI singularity... right?

    --
    There's no -1 for "I don't get it."
  2. Snake meet tail by V-similitude · · Score: 5, Insightful

    I realized there's an interesting aspect to this, in that gVoice transcription is actively trying to do basically the same thing these guys did* (albeit in a far more general way). Wonder how gVoice would do transcribing google's own recaptcha audio. Someone go try that. Either way though, it's an interesting dilemma if they ever got automatic transcription good enough to defeat these audio recaptchas.

    * Well, after RTFA, I realize that a fair bit of what they did was actually more related to hashing (and the pseudo-random generator) vs actually trying to parse the audio, but still.

  3. Re:Another solution.. by Anonymous Coward · · Score: 5, Insightful

    Reminds me of the story of the guy who would play 8 games of chess simulataneously in an octagon and absolutely guarantee he'd win 50% of the games at least.

    He then proceeded to play the moves of the players opposite each other against each other.

  4. I bet Siri could solve it. by niftymitch · · Score: 4, Insightful

    I bet Siri could solve it.
    All the voice tools out there could be harnessed to this sad end.

    --
    Truth is stranger than fiction, but it is because Fiction is obliged to stick to possibilities; Truth isn't. Mark Twain.
  5. Re:How far behind were the criminals/spammers? by Baloroth · · Score: 5, Insightful

    Because even a very "high" accuracy machine system is still going to add a significant barrier to automatically cracking the results, especially if Google continues altering reCAPTCHA like they do. While you won't eliminate 100% of attackers, you can eliminate the vast majority, and slow down the attackers that do get through. The alternative is to use nothing, and believe me: you absolutely do not want that. The Internet would be 99.99999999% spam almost overnight if that happened.

    --
    "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
  6. Re:How far behind were the criminals/spammers? by Main+Gauche · · Score: 4, Insightful

    Now it appears that machines can beat captcha and recaptcha very easily. So WHY do we still see these schemes in use?

    Could you give me your address, and let me know when you won't be home? (I presume you no longer lock your house.)