Hearing Security Issues with Captcha?

2 June 2011

IT experts from Stanford University’s Security Laboratory have developed software – called Decaptcha – that has further highlighted the on-going issues with online security and highlights that changes need to be made to the audio version of Captcha.

Basically Captcha (or Completely Automated Public Turing test to tell Computers and Humans Apart) is the word test that is used to clarify if website users are human as a means to prevent spam by getting the user to identify a word buried in a distorted image – which computers struggle to identify.

However, a flaw has been found in audio Captchas – which is the version used by people who are visually impaired. The researchers have developed the software – called Decaptcha – to recognize letters and numbers when spoken, and then tested the software capabilities by feeding it with new Captchas, which worryingly proved to be successful.

The results revealed that the audio Captcha on eBay could be hacked 82 per cent of the time, Microsoft 48.9 per cent of the time, Yahoo 45.5 per cent of the time, while 42 per cent of the time on Digg. These are very worrying statistics as many experts are concerned that cyber criminals will be able to use such a programme to get past security measures introduced by websites like Yahoo, eBay, Facebook, Youtube and Ticketmaster etc to scam the public. For example, hackers could use Decaptcha (or other automated programmes) to beat security measures and buy masses of tickets and sell them on for an inflated price.

“A computer algorithm that solves one Captcha out of every 100 attempts would allow an attacker to set up enough fraudulent accounts to manipulate user behaviour or achieve other ends on a target site,” the researchers from Stanford University and Tulane University revealed.

The best security results were achieved when music with lyrics is used – as computers have a problem being able to distinguish between the forefront sounds from the background tune. The first step will obviously be for reCAPCHA (who are responsible for Capcha) to beef up security, ideally by using an effective music bed to ensure hacking audio capchas is more difficult.

Talk to our consultation team today

Contact Us

I can honestly say that your excellent customer service and communication has made our forensic instructions to you exceptionally easy. I am very conscious of the amount of time I must have taken up with various queries, requests, and then changed requests but you have always been very patient, polite and extremely helpful.

Case Review Manager - Criminal Cases Review Commission