Google ReCAPTCHA Cracked In New Automated Attack
An anonymous reader writes: A trio of security researchers have devised a new automated attack that can break the CAPTCHA systems employed by Google and Facebook. On Google's reCAPTCHA system, researchers recorded a 70.78 percent success rate over 2,235 CAPTCHAs. Average CAPTCHA solving time was 19.2 seconds. They achieved a better success rate on Facebook's system, where they had a success rate of 83.5 percent on over 200 CAPTCHAs, but this was mainly because of higher quality images, and photos were selected from different topics, and were also easier to recognize and classify. For attackers, the whole automated system would cost only $110 a day, per IP address, and would allow them to crack around 63,000 CAPTCHAs in 24 hours from one IP address without being detected and getting banned.
Captcha generation can be scaled up quite cheaply, and cracking it automatically does not scale well. But why bother to create a complex system to mimic a human brain when the human brain itself is available for hire for a pittance? You could hire someone in India to manually solve some 30 to 60 captchas an hour for about 100 Rs per hour, or less than $1.50. This method of cracking captchas is unbeatable because you cannot make captchas more difficult without hampering legitimate users.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact