The Robustness of Google CAPTCHAs

Ahmad El Ahmad; Dr Jeff Yan

The Robustness of Google CAPTCHAs Lookup NU author(s) Ahmad El Ahmad Dr Jeff Yan



Author(s)		El Ahmad AS, Yan J, Tayara M
Publication type		Report
Series Title		School of Computing Science Technical Report Series
Year		2011
Date		September 2011
Report Number		1278
Pages		15



Full text is available for this publication: Full text file 1




We report a novel attack on two CAPTCHAs that have been widely deployed on the Internet, one being Google's home design and the other acquired by Google (i.e. reCAPTCHA). With a minor change, our attack program also works well on the latest ReCAPTCHA version, which uses a new defence mechanism that was unknown to us when we designed our attack. This suggests that our attack works in a fundamental level. Our attack appears to be applicable to a whole family of text CAPTCHAs that build on top of the popular segmentation-resistant mechanism of "crowding character together" for security. Next, we propose a novel framework that guides the application of our well-tested security engineering methodology for evaluating CAPTCHA robustness, and we propose a new general principle for CAPTCHA design



Institution		School of Computing Science, University of Newcastle upon Tyne
Place Published		Newcastle upon Tyne
Actions