How the IT giant's audio captcha “got around” a second time
Engineers from the University of Maryland have developed a system that “circumvents” Google's reCAPTCHA with almost 100% probability. It uses speech recognition algorithms to solve the audio captcha. We tell how it works.
Photo photographymontreal / PD
For the first time, developers from the University of Maryland presented a system for circumventing “sound” reCAPTCHA (they called their decision unCAPTCHA) in 2017. Then Google’s audio cap was a recording in which the announcer called a sequence of numbers. The authors used speech recognition algorithms to automate the process of entering values. They managed to achieve the accuracy of a captcha solution in 85%.
Information about the vulnerability of the authors sent to Google. The IT giant has updated reCAPTCHA, in which it replaced a sequence of numbers with phrases. However, at the end of last year, engineers from Maryland finalized their neural network. She managed to bypass the updated audio cap with an accuracy of 90%.
A bot goes to an Internet page protected by reCAPTCHA, and then performs several actions to imitate human behavior. After that, he clicks on the captcha and selects the version of its solution using audio recordings.
In the 2017 version of unCAPTCHA, the audio file was divided into segments. Markers served as a pause between the numbers. The result was several sound recordings with individual words. The developer sent these entries to speech recognition cloud services: <iron> Google Cloud Speech-to-Text API </ iron>, Bing Speech Recognition, IBM Bluemix, and Wit-AI. They determined the content of audio recordings from the frequency pattern of the spectrogram. At the same time, several cloud services were used by developers to minimize the error of recognizing numeric values.
Then unCAPTCHA v1 was the so-called phonetic map. It contains responses from different systems for the same passage. Further, a convolutional neural network came into play, which extracted words from the map that did not indicate the name of the number, corrected errors, and chose the most likely answer for filling out reCAPTCHA. In general, the process is as follows:
In the second version of unCAPTCHA (which was presented in December), segmentation and phonetic map are no longer needed . The updated Google captcha uses separate phrases instead of numbers, and their cloud services define better. Therefore, high accuracy of audio recognition was achieved using one tool - Google Speech-to-Text. After analysis, the bot immediately enters the received text into the captcha line.
This is how sending audio to the cloud and entering a response (from the repository on GitHub). Demonstration of the program can be seen on this gif-ke .
According to the authors unCAPTCHA, the new version of the captcha Google did not complicate, but, on the contrary, simplified hacking. Now the service for automatic input does not need to send requests to different cloud platforms and train a separate neural network to evaluate the results.
Photo AdNorrel / CC BY-SA
In defense of reCAPTCHA, it is worth noting that the new version still added several obstacles for hackers. The first is to simulate user behavior on the page has become more difficult. With unCAPTCHA v1, account registration was fully automated with Selenium . Now Google Captcha will recognize if this service is used on the page and automatically blocks access. Developers from the University of Maryland had to manually prescribe the order of "user" actions and modify the script for each new input attempt. While the engineers from Maryland were working on their decision, Google re-updated the reCAPTCHA, and unCAPTCHA cannot cope with it yet. However, many sites still use old versions of DDoS protection. Therefore, vulnerability remains relevant.
In the network you can find information about other solutions for hacking audiocaps. One of the first systems was based on the manual classification of audio files. Audio was broken into segments with individual words - letters and numbers, which were correlated with their spectrograms. For example, this hacking method proposed the 2006 devoicecaptcha project. Then the program bypassed Google captcha with an accuracy of 33%.
Other projects implemented more complex algorithms that fully automated the captcha solution process. For example, the Sphinx program, which was first developed in the late 1990s at Carnegie Mellon University, was used for hacking. Sphinx cracked a captcha on eBay in 75% of cases, but later its effectiveness dropped to 25–30%.
In 2012, the authors of the Stiltwalker project presented a neural network that was able to distinguish the frequency “pattern” of individual words, despite background noise. As the developers say , the system successfully bypassed the Google check that was relevant at that time in 99% of cases.
As for the creators of unCAPTCHA, then we will probably hear about their work. There is a chance that they will try to hack the reCAPTCHA updated for the third time in a similar way.
Additional reading from our Telegram channel and “Hi-Fi World”:
What is 8D audio - discussing the new trend
Bluetooth chip that doesn’t need a battery
Go
Scientists have learned to transmit sound using lasers
Go KPM label digitized its entire catalog
Photo photographymontreal / PD
Prehistory
For the first time, developers from the University of Maryland presented a system for circumventing “sound” reCAPTCHA (they called their decision unCAPTCHA) in 2017. Then Google’s audio cap was a recording in which the announcer called a sequence of numbers. The authors used speech recognition algorithms to automate the process of entering values. They managed to achieve the accuracy of a captcha solution in 85%.
Information about the vulnerability of the authors sent to Google. The IT giant has updated reCAPTCHA, in which it replaced a sequence of numbers with phrases. However, at the end of last year, engineers from Maryland finalized their neural network. She managed to bypass the updated audio cap with an accuracy of 90%.
How it works
A bot goes to an Internet page protected by reCAPTCHA, and then performs several actions to imitate human behavior. After that, he clicks on the captcha and selects the version of its solution using audio recordings.
In the 2017 version of unCAPTCHA, the audio file was divided into segments. Markers served as a pause between the numbers. The result was several sound recordings with individual words. The developer sent these entries to speech recognition cloud services: <iron> Google Cloud Speech-to-Text API </ iron>, Bing Speech Recognition, IBM Bluemix, and Wit-AI. They determined the content of audio recordings from the frequency pattern of the spectrogram. At the same time, several cloud services were used by developers to minimize the error of recognizing numeric values.
Then unCAPTCHA v1 was the so-called phonetic map. It contains responses from different systems for the same passage. Further, a convolutional neural network came into play, which extracted words from the map that did not indicate the name of the number, corrected errors, and chose the most likely answer for filling out reCAPTCHA. In general, the process is as follows:
In the second version of unCAPTCHA (which was presented in December), segmentation and phonetic map are no longer needed . The updated Google captcha uses separate phrases instead of numbers, and their cloud services define better. Therefore, high accuracy of audio recognition was achieved using one tool - Google Speech-to-Text. After analysis, the bot immediately enters the received text into the captcha line.
This is how sending audio to the cloud and entering a response (from the repository on GitHub). Demonstration of the program can be seen on this gif-ke .
What they say about technology
According to the authors unCAPTCHA, the new version of the captcha Google did not complicate, but, on the contrary, simplified hacking. Now the service for automatic input does not need to send requests to different cloud platforms and train a separate neural network to evaluate the results.
Photo AdNorrel / CC BY-SA
In defense of reCAPTCHA, it is worth noting that the new version still added several obstacles for hackers. The first is to simulate user behavior on the page has become more difficult. With unCAPTCHA v1, account registration was fully automated with Selenium . Now Google Captcha will recognize if this service is used on the page and automatically blocks access. Developers from the University of Maryland had to manually prescribe the order of "user" actions and modify the script for each new input attempt. While the engineers from Maryland were working on their decision, Google re-updated the reCAPTCHA, and unCAPTCHA cannot cope with it yet. However, many sites still use old versions of DDoS protection. Therefore, vulnerability remains relevant.
How else to crack the audio cap
In the network you can find information about other solutions for hacking audiocaps. One of the first systems was based on the manual classification of audio files. Audio was broken into segments with individual words - letters and numbers, which were correlated with their spectrograms. For example, this hacking method proposed the 2006 devoicecaptcha project. Then the program bypassed Google captcha with an accuracy of 33%.
Other projects implemented more complex algorithms that fully automated the captcha solution process. For example, the Sphinx program, which was first developed in the late 1990s at Carnegie Mellon University, was used for hacking. Sphinx cracked a captcha on eBay in 75% of cases, but later its effectiveness dropped to 25–30%.
In 2012, the authors of the Stiltwalker project presented a neural network that was able to distinguish the frequency “pattern” of individual words, despite background noise. As the developers say , the system successfully bypassed the Google check that was relevant at that time in 99% of cases.
As for the creators of unCAPTCHA, then we will probably hear about their work. There is a chance that they will try to hack the reCAPTCHA updated for the third time in a similar way.
Additional reading from our Telegram channel and “Hi-Fi World”:
What is 8D audio - discussing the new trend Bluetooth chip that doesn’t need a battery Go
Scientists have learned to transmit sound using lasers Go
KPM label digitized its entire catalogSource: https://habr.com/ru/post/438578/