Attacking Image Recognition Captchas - A Naive but Effective Approach

The landscape of the World Wide Web today consists of a vast amount of services. While most of them are offered for free, the service providers prohibit their malicious usage by automated scripts. To enforce this policy, CAPTCHAS have emerged as a reliable method to setup a Turing test to distinguish between human and computers. Image recognition CAPTCHAS as one type of CAPTCHAS promise high human success rates. In this paper however, we develop an successful approach to attack this type of Captcha. To evaluate our attack we implemented a publicly available tool, which delivers promising results for the HumanAuth Captcha and others. Based upon our findings we propose several techniques for improving future versions of image recognition CAPTCHAS.

[1]  Arturo Ribagorda,et al.  Side-channel attack on labeling CAPTCHAs , 2009, ArXiv.

[2]  Dan Boneh,et al.  Advances in Cryptology - CRYPTO 2003 , 2003, Lecture Notes in Computer Science.

[3]  M. Tariq Banday,et al.  Image flip CAPTCHA , 2009, ISC Int. J. Inf. Secur..

[4]  Philippe Oechslin,et al.  Making a Faster Cryptanalytic Time-Memory Trade-Off , 2003, CRYPTO.

[5]  Jeff Yan,et al.  A low-cost attack on a Microsoft captcha , 2008, CCS.

[6]  Jeff Yan,et al.  CAPTCHA Security: A Case Study , 2009, IEEE Security & Privacy.

[7]  Arnaldo de Albuquerque Araújo,et al.  Classifying images collected on the World Wide Web , 2002, Proceedings. XV Brazilian Symposium on Computer Graphics and Image Processing.

[8]  David A. Forsyth,et al.  Matching Words and Pictures , 2003, J. Mach. Learn. Res..

[9]  Philippe Golle,et al.  Machine learning attacks against the Asirra CAPTCHA , 2008, CCS.

[10]  Jon Howell,et al.  Asirra: a CAPTCHA that exploits interest-aligned manual image categorization , 2007, CCS '07.

[11]  Jitendra Malik,et al.  Recognizing objects in adversarial clutter: breaking a visual CAPTCHA , 2003, 2003 IEEE Computer Society Conference on Computer Vision and Pattern Recognition, 2003. Proceedings..

[12]  Jeff Yan,et al.  Usability of CAPTCHAs or usability issues in CAPTCHA design , 2008, SOUPS '08.

[13]  G. Moy,et al.  Distortion estimation techniques in solving visual CAPTCHAs , 2004, CVPR 2004.

[14]  J. Doug Tygar,et al.  Image Recognition CAPTCHAs , 2004, ISC.

[15]  John Langford,et al.  CAPTCHA: Using Hard AI Problems for Security , 2003, EUROCRYPT.

[16]  Laura A. Dabbish,et al.  Labeling images with a computer game , 2004, AAAI Spring Symposium: Knowledge Collection from Volunteer Contributors.

[17]  Malek Ben Salem,et al.  Designing Host and Network Sensors to Mitigate the Insider Threat , 2009, IEEE Security & Privacy.