Explore techniques for breaking Google's reCAPTCHA system in this Black Hat conference talk. Delve into the evolution of CAPTCHAs and the ongoing arms race between security measures and automated solvers. Learn about a comprehensive study of reCAPTCHA, including methods to influence risk analysis, bypass restrictions, and deploy large-scale attacks. Discover a novel low-cost attack leveraging deep learning for image annotation, achieving a 70.78% success rate in solving image reCAPTCHA challenges. Examine the implications for CAPTCHA security as automated reasoning advances in processing semantic information from images. Gain insights into proposed safeguards and modifications to counter these attacks, and consider the future directions for CAPTCHA technology.
Overview
Syllabus
I'm Not a Human: Breaking the black hat Google reCAPTCHA
Introduction
Can we influence risk analysis?
Checking browser environment
Cookie harvesting
Limits on receiving "No CAPTCHAS"
Using Google against Google
Processing image tags
Attack evaluation
How good are humans?
Countermeasures? Raise the bar
Black Hat Sound Bytes
Taught by
Black Hat
