Haichang Gao scite author profile

Text-based Captchas have been widely deployed across the Internet to defend against undesirable or malicious bot programs. Many attacks have been proposed; these fine prior art advanced the scientific understanding of Captcha robustness, but most of them have a limited applicability. In this paper, we report a simple, low-cost but powerful attack that effectively breaks a wide range of text Captchas with distinct design features, including those deployed by Google, Microsoft, Yahoo!, Amazon and other Internet giants. For all the schemes, our attack achieved a success rate ranging from 5% to 77%, and achieved an average speed of solving a puzzle in less than 15 seconds on a standard desktop computer (with a 3.3GHz Intel Core i3 CPU and 2 GB RAM). This is to date the simplest generic attack on text Captchas. Our attack is based on Log-Gabor filters; a famed application of Gabor filters in computer security is John Daugman's iris recognition algorithm. Our work is the first to apply Gabor filters for breaking Captchas.

show abstract

The robustness of hollow CAPTCHAs

Gao

Wang

Jiang

et al. 2013

View full text Add to dashboard Cite

CAPTCHA is now a standard security technology for differentiating between computers and humans, and the most widely deployed schemes are text-based. While many text schemes have been broken, hollow CAPTCHAs have emerged as one of the latest designs, and they have been deployed by major companies such as Yahoo!, Tencent, Sina, China Mobile and Baidu. A main feature of such schemes is to use contour lines to form connected hollow characters with the aim of improving security and usability simultaneously, as it is hard for standard techniques to segment and recognize such connected characters, which are however easy to human eyes. In this paper, we provide the first analysis of hollow CAPTCHAs' robustness. We show that with a simple but novel attack, we can successfully break a whole family of hollow CAPTCHAs, including those deployed by all the major companies. While our attack casts serious doubt on the viability of current designs, we offer lessons and guidelines for designing better hollow CAPTCHAs.

show abstract

Research on Deep Learning Techniques in Breaking Text-Based Captchas and Designing Image-Based Captcha

Tang

Gao

Zhang

et al. 2018

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

A survey on the use of graphical passwords in security

Gao

Wei²,

Ye³

et al. 2013

JSW

View full text Add to dashboard Cite

An End-to-End Attack on Text CAPTCHAs

Yang

Gao

Cheng

et al. 2020

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

YAGP: Yet Another Graphical Password Strategy

Gao

Guo

Chen

et al. 2008

View full text Add to dashboard Cite

show abstract

Research on the Security of Microsoft’s Two-Layer Captcha

Gao

Tang

Liu

et al. 2017

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

A Novel Image Based CAPTCHA Using Jigsaw Puzzle

Gao

Yao

Liu

et al. 2010

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Haichang Gao

A Simple Generic Attack on Text Captchas

The robustness of hollow CAPTCHAs

Research on Deep Learning Techniques in Breaking Text-Based Captchas and Designing Image-Based Captcha

A survey on the use of graphical passwords in security

An End-to-End Attack on Text CAPTCHAs

YAGP: Yet Another Graphical Password Strategy

Research on the Security of Microsoft’s Two-Layer Captcha

A Novel Image Based CAPTCHA Using Jigsaw Puzzle

Contact Info

Product

Resources

About