Google-whisperers beat reCaptcha voice challenge with 90% success rate
Code's up on Github and Google's fine with that
University of Maryland researchers have given Google a "welcome to 2019" gift by breaking its latest reCaptcha audio challenge.
The work is a follow-up to an attack published in April 2017 by the university's Kevin Bock, Daven Patel, George Hughey and Dave Levin, again attacking the audio challenges. Since then, Google has updated the code, and the boffins have updated their attack.
The audio challenge was created to solve reCaptcha's accessibility problem – someone using a screen reader can't see where to "tick the box" to prove they aren't a robot.
The 2017 attack, documented here, downloaded and segmented the audio captcha, sent the segments on to multiple online speech-to-text services, checked the responses for homophones, applied a weighted vote to those responses, and uploaded the answer to reCaptcha.
They claimed better than 85 per cent accuracy for that attack, and when Google fixed reCaptcha's audio challenge, the group set to work attacking the replacement. They demonstrated that the fixes made reCaptcha less secure, told Google in June 2018 (with a six-month disclosure deadline), and on Monday published unCaptcha2.
The group said: "Thanks to the changes to the audio challenge, [parsing] ReCaptcha is easier than ever before. The code now only needs to make a single request to a free, publicly available speech to text API to achieve around 90 per cent accuracy over all captchas."
The GitHub post notes that unCaptcha2 no longer needs to use multiple speech-to-text engines, and the fragmentation approach used in the first version has also been abandoned.
The boffins added that Google cleared them to release the code. "The Recaptcha team is aware of this attack vector, and have confirmed they are OK with us releasing this code, despite its current success rate."
They added: "While unCaptcha2 is tuned for Google's Demo site, it can be changed to work for any such site – the logic for defeating ReCaptcha will be the same."
Researchers wanting to check out unCaptcha2 for themselves will need their own API keys from the relevant services (speech-to-text engines from wit.ai, Bing, IBM and Google).
Since Google has had six months' notice, the boffins noted that unCaptcha2 could stop working at any time. ®