Skip to main content

New attack could make website security captchas obsolete

New attack could make website security captchas obsolete :

Researchers have created new artificial intelligence that could spell the end for one of the most widely used website security systems.
The new algorithm, based on deep learning methods, is the most effective solver of captcha security and authentication systems to date and is able to defeat versions of text captcha schemes used to defend the majority of the world's most popular websites.
Text-based captchas use a jumble of letters and numbers, along with other security features such as occluding lines, to distinguish between humans and malicious automated computer programmes. It relies on people finding it easier to decipher the characters than machines.
Developed by computer scientists at Lancaster University in the UK as well as Northwest University and Peking University in China, the solver delivers significantly higher accuracy than previous captcha attack systems, and is able to successfully crack versions of captcha where previous attack systems have failed.
The solver is also highly efficient. It can solve a captcha within 0.05 of a second by using a desktop PC.
It works by using a technique known as a 'Generative Adversarial Network', or GAN. This involves teaching a captcha generator programme to produce large numbers of training captchas that are indistinguishable from genuine captchas. These are then used to rapidly train a solver, which is then refined and tested against real captchas.
By using a machine-learned automatic captcha generator the researchers, or would be attackers, are able to significantly reduce the effort, and time, needed to find and manually tag captchas to train their software. It only requires 500 genuine captchas, instead of the millions that would normally be needed to effectively train an attack programme.
Previous captcha solvers are specific to one particular captcha variation. Prior machine-learning attack systems are labour intensive to build, requiring a lot of manual tagging of captchas to train the systems. They are also easily rendered obsolete by small changes in the security features used within captchas.
Because the new solver requires little human involvement it can easily be rebuilt to target new, or modified, captcha schemes.
The programme was tested on 33 captcha schemes, of which 11 are used by many of the world's most popular websites -- including eBay, Wikipedia and Microsoft.
Dr Zheng Wang, Senior Lecturer at Lancaster University's School of Computing and Communications and co-author of the research, said: "This is the first time a GAN-based approach has been used to construct solvers. Our work shows that the security features employed by the current text-based captcha schemes are particularly vulnerable under deep learning methods.
"We show for the first time that an adversary can quickly launch an attack on a new text-based captcha scheme with very low effort. This is scary because it means that this first security defence of many websites is no longer reliable. This means captcha opens up a huge security vulnerability which can be exploited by an attack in many ways.
Mr Guixin Ye, the lead student author of the work said: "It allows an adversary to launch an attack on services, such as Denial of Service attacks or spending spam or fishing messages, to steal personal data or even forge user identities. Given the high success rate of our approach for most of the text captcha schemes, websites should be abandoning captchas."
Researchers believe websites should be considering alternative measures that use multiple layers of security, such as a user's use patterns, the device location or even biometric information.
The research is published in the paper 'Yet Another Text Captcha Solver: A Generative Adversarial Network Based Approach' which was presented at the ACM Conference on Computer and Communications Security (CCS) 2018 in Toronto.
The research benefitted from funding from the Engineering and Physical Sciences Research Centre, or EPSRC, The Royal Society and the National Natural Science Foundation of China.

Comments

Post a Comment

Popular posts from this blog

Dark matter may be older than the Big Bang

Dark matter, which researchers believe make up about 80% of the universe's mass, is one of the most elusive mysteries in modern physics. What exactly it is and how it came to be is a mystery, but a new Johns Hopkins University study now suggests that dark matter may have existed before the Big Bang. The study, published August 7 in  Physical Review Letters , presents a new idea of how dark matter was born and how to identify it with astronomical observations. "The study revealed a new connection between particle physics and astronomy. If dark matter consists of new particles that were born before the Big Bang, they affect the way galaxies are distributed in the sky in a unique way. This connection may be used to reveal their identity and make conclusions about the times before the Big Bang too," says Tommi Tenkanen, a postdoctoral fellow in Physics and Astronomy at the Johns Hopkins University and the study's author. While not much is known about its origins,...
Post a Comment
Read more

Home births as safe as hospital births: International study suggests

A large international study led by McMaster University shows that low risk pregnant women who intend to give birth at home have no increased chance of the baby's perinatal or neonatal death compared to other low risk women who intend to give birth in a hospital. The results have been published by  The Lancet 's  EClinicalMedicine  journal. "More women in well-resourced countries are choosing birth at home, but concerns have persisted about their safety," said Eileen Hutton, professor emeritus of obstetrics and gynecology at McMaster, founding director of the McMaster Midwifery Research Centre and first author of the paper. "This research clearly demonstrates the risk is no different when the birth is intended to be at home or in hospital." The study examined the safety of place of birth by reporting on the risk of death at the time of birth or within the first four weeks, and found no clinically important or statistically different risk between home...
Post a Comment
Read more

GSAT-11 satellite to be launched from French Guiana on Dec 5th

GSAT-11 satellite to be launched from French Guiana on Dec 5th GSAT-11 would be located at 74 East and is the fore-runner in a series of advanced communications satellite with multi-spot beam antenna coverage over Indian mainland and Islands, ISRO said. GSAT-11 is the next generation “high throughput” communication satellite configured around ISRO’s I-6K Bus. (PTI/Representational). Indian space agency ISRO is scheduled to launch GSAT-11, the “heaviest” satellite built by it, on-board Ariane-5 rocket of Arianespace from French Guiana on December 5. Weighing about 5,854 kg, GSAT-11 would play a vital role in providing broadband services across the country, and also provide a platform to demonstrate new generation applications, the Indian Space Research Organisation (ISRO) said. It is the “heaviest” satellite built by ISRO, the space agency said. GSAT-11 is the next generation “high throughput” communication satellite configured around ISRO’s  I-6K Bus, and it...
Post a Comment
Read more