Breaking visual CAPTCHAs with naive pattern recognition algorithms

Jeff Yan, Ahmad Salah El Ahmad

Research output: Chapter in Book/Report/Conference proceedingConference contribution book

182 Citations (Scopus)

Abstract

Visual CAPTCHAs have been widely used across the Internet to defend against undesirable or malicious bot programs. In this paper, we document how we have broken most such visual schemes provided at Captchaservice.org, a publicly available web service for CAPTCHA generation. These schemes were effectively resistant to attacks conducted using a high-quality Optical Character Recognition program, but were broken with a near 100% success rate by our novel attacks. In contrast to early work that relied on sophisticated computer vision or machine learning algorithms, we used simple pattern recognition algorithms but exploited fatal design errors that we discovered in each scheme. Surprisingly, our simple attacks can also break many other schemes deployed on the Internet at the time of writing: their design had similar errors. We also discuss defence against our attacks and new insights on the design of visual CAPTCHA schemes.
Original languageEnglish
Title of host publicationTwenty-Third Annual Computer Security Applications Conference (ACSAC 2007)
Place of PublicationPiscataway, NJ
PublisherIEEE
Pages279-291
Number of pages13
ISBN (Print)9780769530604
DOIs
Publication statusPublished - 2 Jan 2008
EventTwenty-Third Annual Computer Security Applications Conference (ACSAC 2007) - Miami Beach, FL, USA
Duration: 10 Dec 200714 Dec 2007

Conference

ConferenceTwenty-Third Annual Computer Security Applications Conference (ACSAC 2007)
Period10/12/0714/12/07

Keywords

  • pattern recognition
  • internet
  • machine learning algorithms
  • computer errors
  • web services
  • optical character recognition software
  • character recognition
  • computer vision
  • algorithm design and analysis
  • writing

Fingerprint

Dive into the research topics of 'Breaking visual CAPTCHAs with naive pattern recognition algorithms'. Together they form a unique fingerprint.

Cite this