Google’s reCAPTCHA is one of the best security innovations that is created to secure users from spam and abuse in recent years. reCAPTCHA is a CAPTCHA-like system meant to establish that a computer user is human. This is designed to enable only legitimate users access to your website.
unCaptcha is a low-resource, fully automated system developed by four researchers from the University of Maryland (UM) that can defeat Google’s 2017 reCaptcha with over 85% accuracy.
The new system works by not targeting the image-based challenge but rather the audio version that Google appended to help users with disabilities to solve its challenges. The whole process is done by downloading the audio challenge and giving it to six text-to-speech systems, getting the results, and sending the most probable answer back to Google’s servers.
According to researchers:
We demonstrate a low-resource, high accuracy defeat of the reCaptcha system. After successfully running against over 450 captchas, it can defeat reCaptcha with over 85% accuracy. By ensembling the results from free, non-specialized, online speech recognition services, unCaptcha demonstrates that it is far cheaper to mount a highly successful attack on reCaptcha than previously thought.
The researchers have published the source code for unCAPTCHA on GitHub. Their code uses the text-to-speech systems such as Bing Speech Recognition, IBM, Google Cloud, Google Speech Recognition, Sphinx, and Wit-AI.