Program defeats audio CAPTCHAs, researchers learn how to improve it

A group of researchers from Stanford University’s Security Laboratory has managed to build a computer program able to solve audio CAPTCHAs, reported the University on its site.

They have trained the software – called Decaptcha – to recognize letters and numbers when spoken, and then put it to the test by feeding it with CAPTCHAs it hasn’t heard before. And it worked – partly.

They managed to prove that in 50 percent of the cases, the program can successfully decode commercial CAPTCHAs. The software has a lot less success with reCAPTCHAs, which it solved only in one percent of the cases, but the researchers consider even that percentage enough when dealing with botnets that can bombard online services with requests for opening accounts.

While doing this research and testing the software, they have discovered what is the thing that makes it difficult for computers to solve CAPTCHAs and, consequently, how audio CAPTCHAs can be improved to make the solving percentage even less.

As it turns out, computers are less likely to decipher what the words in the puzzle are if the background noise isn’t static or repetitive, or simply white noise. They best results were achieved with music with lyrics or distorted voices in the background, because they are not just noise – they are semantic noise, noise with a meaning, and computers have a tough time distinguishing the forefront noise from the background one.

Since reCAPTCHAs do contain this kind of noise, they proved to be the toughest for the program to solve. There is still room for improvement, but the good news is that now the direction in which to head is clear. The only thing that the developers will have to keep in mind is that the CAPTCHAs can’t be too complicated for the human users to solve.