unCAPTCHA Breaks 450 ReCAPTCHAs in Under 6 Seconds

The online security has always been a hot topic in the digital world. To ensure a safe and secure environment online, Google has been trying very hard to strengthen its test-based methodology called reCAPTCHA.  This methodology aims at providing that a user is not a robot but human. Google found this very helpful in figuring out the actual potential traffic on the web. So, recently Google has extended this security service to the mobile websites also. Despite all the hard-work, unCAPTCHA is going to take it down real hard. So what is it? Let’s find out.

What’s unCAPTCHA and how is it different?

Created by four researchers from the University of Maryland, unCAPTCHA is a similar test-based methodology like reCAPTCHA. It is, however, in spite of following the same old system of reading distorted text and typing it in a box, deals with the audio. This AI is programmed to crack the audio challenges. So now, people with disabilities can also bypass the real security procedure without passing the conventional reCAPTCHA challenges.

How does unCAPTCHA work?

unCAPTCHA connects the online speech-to-text engines with a technique called Phonetic mapping. The process of recognizing the audio takes place as discussed below:

  • The system first downloads the audio file
  • It then breaks it into a number of digital audio clips
  • Runs these clips through many text-to-speech systems
  • Identifies the nearest homophones
  • Computes the aggregated results on the basis of the confidence level, and finally
  • Sends the best result to Google.

Talking about how did it defeat the reCAPTCHA?

After testing the unCAPTCHA it was found that the AI was able to solve 450 reCAPTCHA challenges within 5.42 seconds. This gave an accuracy of 85.15%.

The result demonstrated that bots/attackers don’t need considerable resources for successfully attacking the reCAPTCHA system.  Even with a very little success rate, an attacker can threaten the integrity of the online services.

The Researchers added that in case of unCAPTCHA, we are assuming that attackers accessing unCAPTCHA have limited resources. So our threat model will limit them to just 1 computer, 1 IP, limited training data and a small portion of RAM. This way we have ensured our accuracy to be more than 50%.

Where can you find the unCAPTCHA?

The researchers have already shared this code with the GitHub. It is using text-to-speech systems there like Google Speech Recognition, Sphinx, and Wit-Al.

You’ll soon find unCAPTCHA at places of higher security and integrity.

Wrapping Up

unCAPTCHA just revolutionized the entire security ensuring methodologies introduced by the Google. Starting from the very roots and instincts of attackers, unCAPTCHA has succeeded in simplifying the security measures. Moving in through the GitHub, it is all set to spread among the sites possessing a huge database. Google’s take on this security innovation will be a thing to watch now. But we welcome unCAPTCHA and hope for more such innovations to take place in the future.