7. Allan Caine 7
Consequence: Multi-point Attack
The resemblance is uncanny. Both use the same third-party CAPTCHA provider, audienceview.com. Breaking one CAPTCHA breaks both sites. The attacker has two points of attack and more incentive to attempt the attack.
8. All of these Sites are Compromised!
www.tickets.com and many other non-baseball sites.
9. Attacking Repeaters
[Diagram: the bot sends a purchase request to the e-commerce web site (MLB & yourtube.com) and receives a challenge carrying key k. The bot then calls the CAPTCHA server's CGI with that same k more than once ("CGI: k", "CGI: k"); every call is rendered against the one solution the site expects (3882948 in the slide).]
14. Correlate and Vote
Best Match!
Usually, we get a correct match. Occasionally, due to image noise in the target, we get a spurious result. No problem! We ask the CAPTCHA server for another image with the same solution. We try again to cross-check our work.
15. “Election” Results
The digit getting the most votes for a particular position “wins” the election and is our choice for the solution.
16. So What?
The strategy depends upon a specific weakness (repeating), and yet:
Unlimited access to training data (a common fault)
The strategy suggests how to segregate characters
Learning complex strategies may perhaps break other CAPTCHAs
17. Future Directions
Apply the learn off-line/attack on-line strategy to break other CAPTCHAs (i.e. break yourtube.com and audienceview.com)
Use the analysis to build more robust verifiers (i.e. k not constant)
Build prototype e-commerce websites according to our model and test.
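The "k not constant" verifier suggested above can be modelled directly. The following is an added example written for this page, not code from the talk or from any of the sites it names: a toy "repeater" CAPTCHA server, in which one key k yields a fresh image of the same solution every time it is presented, placed beside a hardened server in which every challenge id is single-use (one render, one verification, short lifetime), so no two images a client can obtain ever share a solution. The class names, the seven-digit solution length, and the two-minute lifetime are assumptions chosen for the example; images are not rendered, only the solution each image would encode is returned.

```python
"""Repeater CAPTCHA verifier beside a single-use one (constructed example)."""
import hmac
import secrets
import time

DIGITS = "0123456789"


def random_solution(n=7):
    """Fresh random digit string; seven digits is an assumption for the model."""
    return "".join(secrets.choice(DIGITS) for _ in range(n))


class RepeaterCaptcha:
    """Weak design modelled on the slides: the site hands out a key k, and the
    CAPTCHA CGI renders a new image of the same solution every time k is shown."""

    def __init__(self):
        self.solutions = {}      # k -> expected digits
        self.render_count = {}   # k -> how many images were served for it

    def new_key(self):
        k = secrets.token_hex(8)
        self.solutions[k] = random_solution()
        return k

    def render(self, k):
        # Same k, same solution, unlimited times: this is the repeating weakness.
        self.render_count[k] = self.render_count.get(k, 0) + 1
        return self.solutions[k]

    def verify(self, k, answer):
        expected = self.solutions.get(k, "")
        return hmac.compare_digest(expected.encode(), answer.encode())


class SingleUseCaptcha:
    """Hardened design: the challenge id is never constant across requests.
    A challenge is rendered at most once and consumed by one verification."""

    def __init__(self, ttl_seconds=120, clock=time.monotonic):
        self.pending = {}   # challenge_id -> [solution, issued_at, rendered]
        self.ttl = ttl_seconds
        self.clock = clock  # injectable so expiry can be tested deterministically

    def new_challenge(self):
        cid = secrets.token_urlsafe(16)
        self.pending[cid] = [random_solution(), self.clock(), False]
        return cid

    def render(self, cid):
        entry = self.pending.get(cid)
        if entry is None:
            raise KeyError("unknown or already used challenge")
        solution, issued, rendered = entry
        if rendered:
            raise PermissionError("challenge already rendered once")
        if self.clock() - issued > self.ttl:
            del self.pending[cid]
            raise TimeoutError("challenge expired")
        entry[2] = True
        return solution

    def verify(self, cid, answer):
        # Consumed on the first attempt whether right or wrong: no retries,
        # and a challenge that was never rendered cannot be answered.
        entry = self.pending.pop(cid, None)
        if entry is None:
            return False
        solution, issued, rendered = entry
        if not rendered or self.clock() - issued > self.ttl:
            return False
        return hmac.compare_digest(solution.encode(), answer.encode())


def demo():
    """Returns (weak server repeats one solution, hardened blocks 2nd render,
    hardened accepts the single honest answer)."""
    weak = RepeaterCaptcha()
    k = weak.new_key()
    repeated = [weak.render(k) for _ in range(5)]   # five images, one solution
    weak_repeats = len(set(repeated)) == 1

    strong = SingleUseCaptcha()
    cid = strong.new_challenge()
    first = strong.render(cid)
    try:
        strong.render(cid)
        second_blocked = False
    except PermissionError:
        second_blocked = True
    return weak_repeats, second_blocked, strong.verify(cid, first)


if __name__ == "__main__":
    print(demo())
```

The point of the hardened class is structural rather than cryptographic: because the id changes on every issue and dies after one render, a client can never collect a second image of a known solution, which removes the cross-check-and-vote step the slides rely on. The injectable clock exists only so the expiry path can be exercised without waiting.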