Thursday, February 14, 2008

Hack: Yahoo! CAPTCHA Cracked!

It has been suggested before that it would be a matter of time, but now it seems official: the Yahoo! CAPTCHA is no more. A team of Russian hackers has found a way to read the CAPTCHA with 35% accuracy. Let there be no mistake: the CAPTCHA that Yahoo! deploys is believed to be one of the most difficult CAPTCHAs to crack. It uses bent alphanumeric characters and other features you might expect from a strong CAPTCHA, and it is still easy for humans to solve. I think this is a great leap in character recognition and the death punch to the Completely Automated Public Turing test to tell Computers and Humans Apart. I have weak faith in CAPTCHAs these days, since there will always be a way to compute something that requires human interaction, whether it be image CAPTCHAs, audible ones or simply JavaScript-based CAPTCHAs.

The Russian hackers had this to say about the Yahoo! CAPTCHA:

"The CAPTCHA has a vulnerability we'll discuss later. It's not necessary to achieve a high degree of accuracy when designing automated recognition software. An accuracy of 15% is enough when the attacker is able to run 100.000 tries per day, taking into consideration the price of non-automated recognition – one cent per one CAPTCHA." - which seems a plausible conclusion.