Microsoft’s CAPTCHA Torn Apart
Jeff Yan and Ahmad Salah El Ahmad of the School of Computing Science, Newcastle University, England, recently demonstrated in a research paper how they managed to attack the Microsoft CAPTCHA used on several of Microsoft’s online services, such as Hotmail and Windows Live, with a recognition rate of over 92%.
You can read their research paper, “A Low-cost Attack on a Microsoft CAPTCHA”, which clearly shows how vulnerable CAPTCHA has been since 2007, as spammers’ attacks have grown tremendously.
Excerpt from their research paper:
In this paper, we analyse the security of a text-based CAPTCHA designed by Microsoft and deployed for years at many of their online services including Hotmail, MSN and Windows Live. This scheme was designed to be segmentation-resistant, and it has been well studied and tuned by its designers over the years. However, our simple attack has achieved a segmentation success rate of higher than 90% against this scheme. It took ~80 ms for our attack to completely segment a challenge on a desktop computer with a 1.86 GHz Intel Core 2 CPU and 2 GB RAM. As a result, we estimate that this Microsoft scheme can be broken with an overall (segmentation and then recognition) success rate of more than 60%. On the contrary, its design goal was that “automatic scripts should not be more successful than 1 in 10,000” attempts (i.e. a success rate of 0.01%). For the first time, we show that a CAPTCHA that is carefully designed to be segmentation-resistant is vulnerable to novel but simple attacks. Our results show that it is not a trivial task to design a CAPTCHA scheme that is both usable and robust.
For more, read the research paper.




