Attacking Animated CAPTCHAs via Character Extraction

It is widely accepted that one of the principles in state-of-the-art text-based CAPTCHA design, requires that a robust CAPTCHA scheme be segmentation-resistant. This paper establishes the fact that the segmentation-resistant principle does not only apply to traditional single image CAPTCHAs, but is very much relevant to the design of animated CAPTCHAs. In this paper, we show that animated CAPTCHAs not designed with this principle in mind can be easily be broken using simple techniques to extract individual characters from the animation frames. We present our experimental results on attacking 13 existing animated CAPTCHAs.

[1]  John C. Mitchell,et al.  Text-based CAPTCHA strengths and weaknesses , 2011, CCS '11.

[2]  Yang-Wai Chow,et al.  Breaking an Animated CAPTCHA Scheme , 2012, ACNS.

[3]  Mary Czerwinski,et al.  Building Segmentation Based Human-Friendly Human Interaction Proofs (HIPs) , 2005, HIP.

[4]  Yuko Murayama,et al.  Future Challenges in Security and Privacy for Academia and Industry , 2011 .

[5]  Patrice Y. Simard,et al.  Using Machine Learning to Break Visual Human Interaction Proofs (HIPs) , 2004, NIPS.

[6]  G. Moy,et al.  Distortion estimation techniques in solving visual CAPTCHAs , 2004, CVPR 2004.

[7]  Jeff Yan,et al.  CAPTCHA Security: A Case Study , 2009, IEEE Security & Privacy.

[8]  Marc Fischlin,et al.  Breaking reCAPTCHA: A Holistic Approach via Shape Recognition , 2011, SEC.

[9]  Xia Wang,et al.  A CAPTCHA Implementation Based on Moving Objects Recognition Problem , 2010, 2010 International Conference on E-Business and E-Government.

[10]  Jitendra Malik,et al.  Recognizing objects in adversarial clutter: breaking a visual CAPTCHA , 2003, 2003 IEEE Computer Society Conference on Computer Vision and Pattern Recognition, 2003. Proceedings..

[11]  John Langford,et al.  CAPTCHA: Using Hard AI Problems for Security , 2003, EUROCRYPT.

[12]  Jeff Yan,et al.  A low-cost attack on a Microsoft captcha , 2008, CCS.

[13]  Shujun Li,et al.  Breaking e-banking CAPTCHAs , 2010, ACSAC '10.

[14]  Mary Czerwinski,et al.  Computers beat Humans at Single Character Recognition in Reading based Human Interaction Proofs (HIPs) , 2005, CEAS.

[15]  Mary Czerwinski,et al.  Designing human friendly human interaction proofs (HIPs) , 2005, CHI.

[16]  Daniel P. Lopresti,et al.  Human Interactive Proofs, Second International Workshop, HIP 2005, Bethlehem, PA, USA, May 19-20, 2005, Proceedings , 2005, HIP.

[17]  Jeff Yan,et al.  The robustness of a new CAPTCHA , 2010, EUROSEC '10.

[18]  Jeff Yan,et al.  Breaking Visual CAPTCHAs with Naive Pattern Recognition Algorithms , 2007, Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007).