acm-header
Sign In

Communications of the ACM

Home/News/New Attack Could Make Website Security Captchas Obsolete/Full Text
ACM TechNews

New Attack Could Make Website Security Captchas Obsolete

By Lancaster ­niversity
December 7, 2018
Comments
View as: Print Mobile App Share:
A sample captcha.

Researchers at have demonstrated a deep learning algorithm that could render captcha security and authentication obsolete.

Credit: searchsecurity.techtarget.com

Researchers at Lancaster University in the U.K., Northwest University, and Peking University in China have demonstrated a deep learning algorithm that could render captcha security and authentication redundant.

The algorithm solves captchas with substantially greater accuracy than earlier captcha attack systems, and successfully cracks captcha versions that defeated previous hacks.

The system uses a generative adversarial network (GAN), educating a captcha generator to produce large numbers of training captchas that are indistinguishable from actual captchas.

These are employed to quickly train a solver, which is tested against real captchas; the algorithm only needs 500 genuine captchas, rather than the millions required to train a conventional attack program.

Lancaster's Zheng Wang said, "Our work shows that the security features employed by the current text-based captcha schemes are particularly vulnerable under deep learning methods."

From Lancaster University
View Full Article

 

Abstracts Copyright © 2018 Information Inc., Bethesda, Maryland, USA

 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account