Stanford research team cracks animated NuCaptcha

Feb 22, 2012 by Bob Yirka

(PhysOrg.com) -- The research team from Stanford University led by Elie Bursztein, which had previously cracked regular CAPTCHAs and then audio CAPTCHAs, has now also successfully cracked the animated version called NuCaptcha. Bursztein details how the team did it and offers suggestions on how to improve it in a post on his blog.

CAPTCHAs, as most are aware, are little boxes displaying numbers and/or letters that users must decipher and type in correctly in order to gain access to a web site. They are used as barriers against bots that seek to gain entry for other purposes. Originally it was hoped that CAPTCHAs would prove strong enough to keep out almost any bot; unfortunately, as hackers found more reasons to overcome them (to view a video on YouTube millions of times, for example, to pump up ad revenue), more ways were created to do so. To overcome this, audio and video (animated) versions were developed. It didn’t take long for the research team at Stanford to crack the audio version, and now they’ve announced that they have done the same for the video version, though they suggest that with a little tweaking, the video version might be made strong enough to ward off most bot attacks.

NuCaptcha differs from regular CAPTCHAs in that the letters and/or numbers are made to move across the window box, like a ticker tape. To make things even more challenging, the letters and/or numbers are also partially rotated as they move.

To crack them, the team created software that took multiple snapshots of the NuCaptcha image over time, which allowed for still-image analysis. Once the software believed it had the full message in a frame, the resulting image was turned to black and white and the background removed to make deciphering the code easier. After that, character analysis software was used to break down the individual numbers and letters. Then all that was left to do was knit them together as typewritten text and enter the whole string into the input box. Bursztein says the process is ninety percent accurate.

He also writes that cracking NuCaptcha was harder in some respects than cracking the original CAPTCHAs because of the moving characters. But he says it was also easier in another way: capturing multiple frames gave the software more data to work with, which allowed it to make multiple guesses against the same coded characters before actually submitting the final guess to the system. He also says that NuCaptcha could likely be made more difficult to crack if more decoys were added to the coded characters, which the makers of NuCaptcha are planning to do.

The team from Stanford didn’t strike out of the blue, however; they had been working with the NuCaptcha team for several months so that improvements could be made before hackers got wind of the means by which they could crack the older version.

User comments : 7

TabulaMentis
1 / 5 (3) Feb 22, 2012
Keep up the good work. Maybe you will figure out how to hack people's minds so we can become immortal here on earth by placing the info into new cloned bodies.
DaceCMongler
5 / 5 (2) Feb 22, 2012
Here's an idea: Include one different coloured letter in the captcha, and let the user know that you should NOT include that colored letter in the input.
TabulaMentis
5 / 5 (1) Feb 22, 2012
"Here's an idea: Include one different coloured letter in the captcha, and let the user know that you should NOT include that colored letter in the input."
Color should be very easy for computer hacking programs to decipher.
Deathclock
5 / 5 (1) Feb 22, 2012
All they have to do is draw from a database of millions of small clip art images and ask the user to enter the name of the object pictured...

"Sun"
"House"
"Car"
"Ball"
"Chair"

and so on and so forth... the more images you have to draw from when picking one at random to show the user the harder this system would be to crack. Analyzing a cartoon representation of an unknown object from an indeterminate set of unknown images and identifying the object being represented would be VERY difficult for software. IF the would-be crackers knew the full set of possible images it would be much easier, and that is why normal captchas are so easy to crack, the set of possible characters is known, making it trivial to use pattern matching to find them.

For what it's worth I am a software engineer, I have studied pattern matching, machine learning, and basic AI at the university level.
Deesky
4.5 / 5 (2) Feb 22, 2012
"NuCaptcha could likely be made more difficult to crack if more decoys were added to the coded characters"

Oh terrific! Yes, make it even harder for humans to decode! I swear, every time I need to enter one of those blasted things, I have to have two or three stabs at it - bah!
guesta0
not rated yet Feb 23, 2012
They can add fake inter-frames in the Captcha video.
baudrunner
not rated yet Feb 23, 2012
Those are valuable algorithms those guys are using. They can be implemented across a wide range of applications. Good work!