CAPTCHAs in reality: What might happen if they are easily broken?
DOI:
https://doi.org/10.47611/jsrhs.v11i3.2752
Keywords:
CAPTCHA, attacks, types, impact
Abstract
This research paper explains the potential impact when CAPTCHAs become easy for attackers to solve. A literature review was conducted on the different types of CAPTCHAs and on the methods used to break them. However, data on the effect of CAPTCHAs being attacked and broken is scarce. CAPTCHAs are deployed mainly to secure sites or apps, but they have particular disadvantages that make them less beneficial both to the owners of those sites or apps and to the humans who need to solve them. These disadvantages also take the form of vulnerabilities, which attackers can easily use to break the CAPTCHAs. It has been found that previous studies do not mention the real-world impact of these attacks. This impact calls for advanced CAPTCHAs that solve the problems with the CAPTCHAs we have today.
Copyright (c) 2022 Ananya Narayanaswamy
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Copyright holder(s) granted JSR a perpetual, non-exclusive license to distribute & display this article.