Tschacher's effort is an attempt to keep the PoC up to date and working, thus making it possible to circumvent the audio version of reCAPTCHA v2 by leveraging a bot to simulate the entire process and defeat the protections.

To carry out the attack, the audio payload is programmatically identified on the page using tools like Selenium, then downloaded and fed into an online audio transcription service such as Google Speech-to-Text API, the results of which are ultimately used to defeat the audio CAPTCHA.

Following the attack's disclosure, Google updated reCAPTCHA in June 2018 with improved bot detection and support for spoken phrases rather than digits, but that was not enough to thwart the attack: the researchers released "unCaptcha2" as a PoC with even better accuracy (91%, compared to unCaptcha's 85%) by using a "screen clicker to move to certain pixels on the screen and move around the page like a human."

The audio version of reCAPTCHA is offered for accessibility reasons: it poses an audio challenge, allowing people with vision loss to play or download the audio sample and solve the question. The whole attack hinges on research dubbed "unCaptcha," published by University of Maryland researchers in April 2017 and targeting the audio version of reCAPTCHA.