Issue No.04 - July/August (2009 vol.7)
Jeff Yan , Newcastle University, England
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2009.84
CAPTCHAs have been widely used across the Internet to defend against undesirable or malicious bot programs. In this article, the authors describe the security of a CAPTCHA reported in a recent peer-reviewed paper and deployed on the Internet. They show that although this scheme was effectively resistant to one of the best optical character recognition programs on the market, they could break it with a success rate of higher than 90 percent by using a simple but novel attack. In contrast to early work that relied on sophisticated computer vision or machine learning algorithms, they used simple pattern recognition algorithms that exploited fatal design errors. The main contribution of their work is that simply counting the pixels in a CAPTCHA's characters can be a very powerful attack.
CAPTCHA, security, pixel count, dictionary attacks
Jeff Yan, "CAPTCHA Security: A Case Study", IEEE Security & Privacy, vol.7, no. 4, pp. 22-28, July/August 2009, doi:10.1109/MSP.2009.84