Open AccessRobustness of text‐based completely automated public turing test to tell computers and humans apart
Author(s) -
Gao Haichang,
Wang Xuqin,
Cao Fang,
Zhang Zhengya,
Lei Lei,
Qi Jiao,
Liu Xiyang
Publication year - 2016
Publication title -
iet information security
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.308
H-Index - 34
eISSN - 1751-8717
pISSN - 1751-8709
DOI - 10.1049/iet-ifs.2014.0381
Subject(s) - captcha , turing test , robustness (evolution) , computer science , turing , the internet , computer security , world wide web , artificial intelligence , programming language , biochemistry , chemistry , gene
Text‐based completely automated public turing tests to tell computers and humans apart (CAPTCHAs) have been widely deployed across the Internet to defend against undesirable or malicious bot programmes. In this study, the authors provide a systematic analysis of text‐based CAPTCHAs and innovatively improve their earlier attack on hollow CAPTCHAs to expand applicability to attack all the text CAPTCHAs. With this improved attack, they have successfully broken the CAPTCHA schemes adopted by 19 out of the top 20 web sites in Alexa including two versions of the famous ReCAPTCHA. With success rates ranging from 12 to 88.8% (note that the success rate for Yandex CAPTCHA is 0%), they demonstrate the effectiveness of their attack method. It is not only applicable to hollow CAPTCHAs, but also to non‐hollow ones. As their attack casts serious doubt on the viability of current designs, they offer lessons and guidelines for designing better text‐based CAPTCHAs.