unCaptcha: A Low-Resource Defeat of reCaptcha's Audio Challenge


Kevin Bock, Daven Patel, George Hughey, and Dave Levin, University of Maryland


CAPTCHAs are the Internet’s first line of defense against automated account creation and service abuse. Google’s reCaptcha, one of the most popular captcha systems, is currently used by hundreds of thousands of websites to protect against automated attackers by testing whether a user is truly human. This paper presents unCaptcha, an automated system that can solve reCaptcha’s most difficult auditory challenges with high success rate. We evaluate unCaptcha using over 450 reCaptcha challenges from live websites, and show that it can solve them with 85.15% accuracy in 5.42 seconds, on average. unCaptcha combines free, public, online speech-to-text engines with a novel phonetic mapping technique, demonstrating that it requires minimal resources to mount a large-scale successful attack on the reCaptcha system.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@inproceedings {206150,
author = {Kevin Bock and Daven Patel and George Hughey and Dave Levin},
title = {{unCaptcha}: A {Low-Resource} Defeat of {reCaptcha{\textquoteright}s} Audio Challenge},
booktitle = {11th USENIX Workshop on Offensive Technologies (WOOT 17)},
year = {2017},
address = {Vancouver, BC},
url = {https://www.usenix.org/conference/woot17/workshop-program/presentation/bock},
publisher = {USENIX Association},
month = aug