Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Researchers break video Captcha security using robot vision

NuCaptcha working on revised design

Article comments

Researchers at Stanford University have discovered a way to break state-of-the-security video Captchas of the sort deployed by companies such as NuCaptcha with a 90 percent success rate.

Rather than presenting users with a conventional static but scrambled series of letters and numbers, NuCaptcha’s video version offers partially rotating text that also moves from left to right across the screen, in theory making it much harder for computer systems to reliably detect which elements of the image are the correct ones.

This has worked well – until now.

After converting the NuCaptcha videos into individual frames, the background image was removed by the researchers and the remaining letters turned into a black and white image to ease processing.

The team then used algorithms to nominate the most interesting objects in each frame, tracking these across frames as they changed. Next, they refined the number of objects by estimating the likely minimum size of the Captcha, subjecting the remaining ones to an algorithm designed to distinguish rotated letters from ‘straight’ ones.

Because the researchers had multiple frames for each Captcha they were trying to break – a feature of any Captchas that use video – they ended up with more data from which to do a complex pattern analysis using tools familiar to anyone from the field of machine or robotic vision.

Put another way, using the team's methodology video Captchas were actually be easier to beat than static ones because they offer more data from which to perform an analysis.

The team said its cracking technique worked between 80 percent and almost 100 percent of the time, depending on the analysis algorithms used to isolate Captcha letters from the moving field.

The researchers said they had worked closely with NuCaptcha during its research, which has since offered a technical response to news of the attack on its technology.

“It is with combined efforts of researchers [...] that potential weaknesses are discovered and resolved, prior to them becoming practice by attackers. No single Captcha will defend against every possible attack,” NuCaptcha said.

The Stanford team believes that NuCaptcha’s video security could still be made to work.

“What we need to do is to remove every discriminative feature that the attacker can use to tell apart decoy moving objects and the real Captchas,” the researchers suggest, most easily by introducing visual decoys to reduce the effectiveness of pattern-isolation algorithms. NuCaptcha was working on a new version of its system to do this, the researchers and company confirmed.

Captcha (completely automated public Turing test to tell computers and humans apart) is not seen as the security barrier it was once believed to be, but it remains an important technique for slowing systems that register bogus accounts with webmail providers in order to generate spam.

Constant attacks have caused some to question the underlying effectiveness of the whole technology. Only a fortnight ago, the Cridex banking Trojan was found to be able to break the static Captchas used by Yahoo to secure its webmail services.

However, Internet companies would rather have an imperfect system that beats automated systems some of the time than none at all.


More from Techworld

More relevant IT news


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *