Issue No. 04 - July/August (2009 vol. 7)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2009.84
Jeff Yan , Newcastle University, England
Ahmad Salah El Ahmad , Newcastle University, England
CAPTCHAs have been widely used across the Internet to defend against undesirable or malicious bot programs. In this article, the authors describe the security of a CAPTCHA reported in a recent peer-reviewed paper and deployed on the Internet. They show that although this scheme was effectively resistant to one of the best optical character recognition programs on the market, they could break it with a success rate of higher than 90 percent by using a simple but novel attack. In contrast to early work that relied on sophisticated computer vision or machine learning algorithms, they used simple pattern recognition algorithms that exploited fatal design errors. The main contribution of their work is that simply counting the pixels in a CAPTCHA's characters can be a very powerful attack.
CAPTCHA, security, pixel count, dictionary attacks
A. S. El Ahmad and J. Yan, "CAPTCHA Security: A Case Study," in IEEE Security & Privacy, vol. 7, no. , pp. 22-28, 2009.