unCAPTCHA: using Google services to bypass Google reCAPTCHA
unCAPTCHA is an automated system developed by University of Maryland experts that can bypass Google's reCAPTCHA with an accuracy of 85%. It does so by recognizing the audio version of the challenge, which is offered for people with disabilities. The method exploits a vulnerability in the audio version of reCAPTCHA: a numeric code is spoken aloud and must then be entered into the verification field. The algorithm uses several services to determine the numbers, including the Google Cloud Speech Recognition service.
The researchers have published the code for their project on GitHub. unCAPTCHA uses speech recognition tools such as Bing Speech Recognition, IBM, Google Cloud, Google Speech Recognition, Sphinx and Wit-AI.
Principle of operation
The audio challenge is a series of numbers of varying length, spoken at different speeds, with different accents and over background noise. To attack this captcha, the spoken sounds are identified and automatically split into segments.
The audio segment for each number is submitted to 6 different free online audio transcription services (IBM, Google Cloud, Google Recognition, Sphinx, Wit-AI, Bing Speech Recognition), and the results are aggregated. After combining, the most probable string is selected heuristically. The numbers are then typed into the captcha one after another. In testing, accuracy was 92% for individual numbers and up to 85% for recognition of the full audio challenge.
unCAPTCHA is not the first system of this kind. In March of this year, information appeared about an attack using ReBreakCaptcha, a system almost identical to unCAPTCHA.
Tests show that unCAPTCHA can solve 450 reCAPTCHA tasks with an accuracy of 85.15% in 5.42 seconds. This is less than the time a person needs to listen to a single reCAPTCHA audio file.
unCAPTCHA
The project code is written in Python using the popular Selenium library and FFmpeg, a set of open source libraries that allow you to record, convert and transfer digital audio signals.
The research by the creators of the utility is available at the link.
The developers notified Google's experts of their research, and as a result new protective measures against such attacks have already been added.