Character Segmentation for Automatic CAPTCHA Solving
نویسندگان
چکیده
Many websites utilise CAPTCHA (Completely Automatic Public Turing tests to tell Computers and Humans Apart) schemes as human interaction proofs to grant access to their services only to people rather than spam bots. In this paper, we examine the security of six widely used types of CAPTCHA and present novel attacks against all of them, achieving success rates of up to 88%. We made improvements to three previously published attacks against the Hotmail, Wikipedia, and Slashdot challenges and devised novel and successful attacks against BotDetect's Wavy chess, reCAPTCHA, and a new variant of the Wikipedia scheme. Furthermore, we implemented a library that includes customisable segmentation algorithms and character recognisers. This library can serve as a tool for further investigating CAPTCHA security. Even though the difficulty and time needed to develop our CAPTCHA solver algorithms varied significantly between different schemes, none of these CAPTCHAS proved to be resistant to the attacks we devised. Based on our findings, we make recommendations for strengthening CAPTCHA methods to make them more resistant to automated attacks such as ours.
منابع مشابه
The End is Nigh: Generic Solving of Text-based CAPTCHAs
Over the last decade, it has become well-established that a captcha’s ability to withstand automated solving lies in the difficulty of segmenting the image into individual characters. The standard approach to solving captchas automatically has been a sequential process wherein a segmentation algorithm splits the image into segments that contain individual characters, followed by a character rec...
متن کاملA Highly Legible CAPTCHA That Resists Segmentation Attacks
A CAPTCHA which humans find to be highly legible and which is designed to resist automatic character–segmentation attacks is described. As first detailed in [BR05], these ‘ScatterType’ challenges are images of machine-print text whose characters have been pseudorandomly cut into pieces which have then been forced to drift apart. This scattering is designed to repel automatic segmentthen-recogni...
متن کاملScatterType: a reading CAPTCHA resistant to segmentation attack
A reading-based CAPTCHA, called ‘ScatterType,’ designed to resist character–segmentation attacks, is described. Its challenges are pseudorandomly synthesized images of text strings rendered in machine-print typefaces: within each image, characters are fragmented using horizontal and vertical cuts, and the fragments are scattered by vertical and horizontal displacements. This scattering is desig...
متن کاملThe Robustness of "Connecting Characters Together" CAPTCHAs
CAPTCHA is now commonly used as standard security technology to tell computers and humans apart. The most widely deployed CAPTCHAs are text-based schemes. In this paper, we document how we have broken such a text-based scheme which uses the “connecting characters together (CCT)” principle. CAPTCHAs of this type can be classified into three types: CAPTCHA with overlap but no noise arcs; CAPTCHA ...
متن کاملAutomated CAPTCHA Solving:
CAPTCHAs exploit the gap in the ability between a human and a machine to understand the semantics of specific multimedia content, with vast applications in computer security. In this paper we compare two techniques in automated CAPTCHA solving for text-based CAPTCHA schemes, i.e., classification based on the Vector Space Model (VSM) versus a popular Optical Character Recognition (OCR) engine. F...
متن کامل