We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Researchers break video Captcha security using robot vision

NuCaptcha working on revised design

Researchers at Stanford University have discovered a way to break state-of-the-security video Captchas of the sort deployed by companies such as NuCaptcha with a 90 percent success rate.

Rather than presenting users with a conventional static but scrambled series of letters and numbers, NuCaptcha's video version offers partially rotating text that also moves from left to right across the screen, in theory making it much harder for computer systems to reliably detect which elements of the image are the correct ones.

This has worked well - until now.

After converting the NuCaptcha videos into individual frames, the background image was removed by the researchers and the remaining letters turned into a black and white image to ease processing.

The team then used algorithms to nominate the most interesting objects in each frame, tracking these across frames as they changed. Next, they refined the number of objects by estimating the likely minimum size of the Captcha, subjecting the remaining ones to an algorithm designed to distinguish rotated letters from 'straight' ones.

Because the researchers had multiple frames for each Captcha they were trying to break - a feature of any Captchas that use video - they ended up with more data from which to do a complex pattern analysis using tools familiar to anyone from the field of machine or robotic vision.

Put another way, using the team's methodology video Captchas were actually be easier to beat than static ones because they offer more data from which to perform an analysis.

The team said its cracking technique worked between 80 percent and almost 100 percent of the time, depending on the analysis algorithms used to isolate Captcha letters from the moving field.

The researchers said they had worked closely with NuCaptcha during its research, which has since offered a technical response to news of the attack on its technology.

"It is with combined efforts of researchers [...] that potential weaknesses are discovered and resolved, prior to them becoming practice by attackers. No single Captcha will defend against every possible attack," NuCaptcha said.

The Stanford team believes that NuCaptcha's video security could still be made to work.

"What we need to do is to remove every discriminative feature that the attacker can use to tell apart decoy moving objects and the real Captchas," the researchers suggest, most easily by introducing visual decoys to reduce the effectiveness of pattern-isolation algorithms. NuCaptcha was working on a new version of its system to do this, the researchers and company confirmed.

Captcha (completely automated public Turing test to tell computers and humans apart) is not seen as the security barrier it was once believed to be, but it remains an important technique for slowing systems that register bogus accounts with webmail providers in order to generate spam.

Constant attacks have caused some to question the underlying effectiveness of the whole technology. Only a fortnight ago, the Cridex banking Trojan was found to be able to break the static Captchas used by Yahoo to secure its webmail services.

However, Internet companies would rather have an imperfect system that beats automated systems some of the time than none at all.

IDG UK Sites

Windows 10 for phones UK release date, price and new features: When will my phone get Windows 10?

IDG UK Sites

It's World Backup Day 2015! Don't wait another minute: back up now

IDG UK Sites

Get the free Adobe Comp CC iPad app for rapid layout design

IDG UK Sites

New 13-inch Retina MacBook Pro (early 2015, 2.7GHz) review: Just about the greatest upgrade any...