unCAPTCHA Breaks reCAPTCHA
Written by Karolis Liucveikis on (updated)
Google’s reCAPTCHA has become one of the staple security innovations protecting users from spam and abuse in recent years. Advertised as a free service offered by tech giants Google, reCAPTCHA uses an advanced risk analysis engine and adaptive CAPTCHAs to keep automated software from engaging in abusive activities on your site. This is intended to allow only legitimate users access to your website.
In research published by the Computer Science Department at the University of Maryland (UM), a team of four created a system which effectively breaks reCAPTCHA with an accuracy of 85%. Anything which can break reCAPTCHA to an accuracy of over 1% is considered broken.
The automated system, termed unCAPTCHA by the team from UM, works by not targeting the image-based challenge but rather the audio version that Google added so people with disabilities can solve its puzzle. In summary, this is done by downloading the audio puzzle and feeding it to six text-to-speech (TTS) systems, aggregating the results, and feeding most probable answer back to Google's servers.
In tests carried out by the team, it was shown that unCAPTCHA can break 450 reCAPTCHA challenges with an 85.15% accuracy in 5.42 seconds, which is less time taken for a human to listen to one reCAPTCHA audio challenge. In order to do this, the code uses TTS systems such as Bing Speech Recognition, IBM, Google Cloud, Google Speech Recognition, Sphinx. The code has been made available on GitHub.
At the end of the team's published research paper, the team proposed several countermeasures Google could implement in order to make reCAPTCHA more robust. Those measures included increasing the vocabulary used by the security measure, this would provide a quick fix in the meantime while other measures could be deployed. Those other measures could include checking for simple impossibilities, such as moving the mouse faster than a human possibly could, clicking the precise center of an element, or solving captchas faster than they can be heard would help bolster security against less sophisticated bots. The research team also recommended adding background noise which would make it more difficult for bots to break the security measure.
ReBreakCAPTCHA operates in a similar way
At the start of March of this year, another researcher published a paper which detailed how reCAPTCHA was broken using a similar technique. The code was also published on GitHub, with the researcher claiming that a “logic vulnerability” was discovered that allowed him to create a Python script that is fully capable of bypassing Google's reCAPTCHA fields using another Google service, the Speech Recognition API. The researcher, who goes by the name East-EE, termed his attack ReBreakCAPTCHA. East-EE says his attack only works against Google reCAPTCHA v2, the current version of the reCAPTCHA service. The attack uses audio challenges, a secondary checking system available only when pushing a button at the bottom of the normal reCAPTCHA popup.
It seems that the major difference between unCAPTCHA and ReBreakCAPTCHA is how and if Google were notified of the flaw. The researchers who worked on unCAPTCHA notified Google of their work in advance, to which it appears Google has added extra security features in line with their research and recommendations. The team said "For instance, Google has also improved their browser automation detection. This means that Selenium (http://www.seleniumhq.org/) cannot be used in its current state to get captchas from Google. This may lead to Google sending odd audio segments back to the end user. Additionally, we have observed that some audio challenges include not only digits but small snippets of spoken text."
With the researcher behind ReBreakCAPTCHA, it is unclear whether he notified Google or not. If not this could pose a clear security threat as many of the methods employed by the researcher can be automated making the method potentially appealing to attackers. As the unCAPTCHA research was released later, hopefully, the vulnerabilities posed by both sets of research have been made redundant. Google, since 2016, has been working on the third version of reCAPTCHA termed Invisible reCAPTCHA which needs minimal user interaction.
A busy week for reCAPTCHA vulnerabilities
In the wake of the Bad Rabbit ransomware outbreak, a lot of other cybersecurity news flew under the radar. This included the unCAPTCHA research and another team’s work which also looked to break reCAPTCHA. Last week researchers published a paper in Science that details how they created an AI algorithm that works on the same principles of the human eye, and that can break various CAPTCHA systems with accuracies of over 50%. This new system solved Google reCAPTCHAs with 66.6% accuracy, BotDetect with 64.4%, Yahoo with 57.4%, and PayPal image challenges with 57.1%.
The 12 man team designed their AI algorithm to go through the same steps a human eye and brain go through when viewing an image. In order to do this, the algorithm recognizes the edges of shapes, categorizes the shape, the angle at which an observer is looking at the shape, and then attempts to match the shape with a standard form of a letter or number (usually stored in the AI as a Georgia font character). This method has been called Recursive Cortical Network (RCN) with researchers believing it to be significantly different from a similar method discovered by another team called the Convolutional Neural Network (CNN) model.
The researchers behind the RCN model believe it to be superior to the CNN model as it requires less training and can work outside of the strict rules used to train the algorithm, allowing it to adapt to new CAPTCHA systems. In comparison, their RCN system needed only a few thousand training images, compared to a similar CNN system that needed around 2.3 million. While the CNN model achieved 89.9% accuracy a slight change in character spacing would throw the CNN system off to 38.4% accuracy, while the same change "results in an improvement in the recognition accuracy" for their RCN system. The researchers behind the RCN system are currently seeing whether it is possible to deploy their RCN-based adaptive AI bot to parsing images that also contain objects, not only text. If successful, the AI bot could evolve from a CAPTCHA breaker to an object or facial recognition system.
▼ Show Discussion