By Daniel Bates
Last updated at 6:04 PM on 25th May 2011
- IT experts developed software that beat Captcha on eBay 82% of the time, Microsoft 48.9%, and Yahoo 45.5%
Researchers have sparked fresh concerns about Internet security after cracking Captcha, the word test used to check if website users are human.
In tests IT experts said they have developed software that beats audio Captchas up to 89 per cent of the time.
They warned that cyber criminals could use such a programme to get past security measures introduced by websites like Yahoo and eBay and scam the public.
Security concerns: Researchers have cracked Captchas, the word test used to check if website users are human
The programme, called Decaptcha, beat Captcha on eBay 82 per cent of the time, Microsoft 48.9 per cent of the time, Yahoo 45.5 per cent of the time and 42 per cent of the time on Digg.
It could also cause problems for websites like Ticketmaster as touts could use automated programmes to pose as real users and get the best seats - only to sell them on at vastly inflated prices.
The researchers warned that websites using Captcha had to upgrade their security or face becoming a victim of cyber crime.
The term Captcha - which stands for for Completely Automated Public Turing Test To Tell Computers and Humans Apart - was coined by Luis von Ahn and two other professors from Carnegie Mellon University in 2000.
Originally used by Yahoo email, they were designed to stop spammers from using automated programmes to send out unwanted messages to scam other people.
Flawed: Scientists have warned that cyber criminals could use software to get past security measures
Captchas usually come in the form of one or two distorted words which the user must type in to prove that they are human.
Users can also request that the Captcha be read out loud over the computer’s speakers, and it is here the researchers have found a vulnerability.
With just 20 minutes of ‘listening’ time to some 200 Captchas, the Decaptcha programme was able to defeat even the toughest schemes, their study found.
It does this by sampling the audio and marking out what it thinks are numbers and letters based on what it has previously heard.
The programme then matches the suspected character with one of the characters in its library, choosing the one that makes the best match.
‘A computer algorithm that solves one Captcha out of every 100 attempts would allow an attacker to set up enough fraudulent accounts to manipulate user behaviour or achieve other ends on a target site,’ the researchers from Stanford University and Tulane University said.
The dangers of cracked Captchas was illustrated recently by the case of three California men who used automated programmes to beat security measures and buy 1.5million tickets to Bruce Springsteen concerts and Broadway shows.
The trio later sold them on to fans at a far higher price.
Sphere: Related Content
Nenhum comentário:
Postar um comentário