Sign In

Communications of the ACM

ACM TechNews

New Attack Could Make Website Security Captchas Obsolete


A sample captcha.

Researchers at have demonstrated a deep learning algorithm that could render captcha security and authentication obsolete.

Credit: searchsecurity.techtarget.com

Researchers at Lancaster University in the U.K., Northwest University, and Peking University in China have demonstrated a deep learning algorithm that could render captcha security and authentication redundant.

The algorithm solves captchas with substantially greater accuracy than earlier captcha attack systems, and successfully cracks captcha versions that defeated previous hacks.

The system uses a generative adversarial network (GAN), educating a captcha generator to produce large numbers of training captchas that are indistinguishable from actual captchas.

These are employed to quickly train a solver, which is tested against real captchas; the algorithm only needs 500 genuine captchas, rather than the millions required to train a conventional attack program.

Lancaster's Zheng Wang said, "Our work shows that the security features employed by the current text-based captcha schemes are particularly vulnerable under deep learning methods."

From Lancaster University
View Full Article

 

Abstracts Copyright © 2018 Information Inc., Bethesda, Maryland, USA


 

No entries found