Many websites utilise CAPTCHA (Completely Automatic Public Turing tests to tell Computers and Humans Apart) schemes as human interaction proofs to grant access to their services only to people rather than spam bots. In this paper, we examine the security of six widely used types of CAPTCHA and present novel attacks against all of them, achieving success rates of up to 88%. We made improvements ...

CAPTCHAs are an important security tool for preventing automated attacks against online systems. However, they can be an undesirable source of friction in the user experience. In this poster, we propose a novel approach to dynamically improve the CAPTCHA experience for users by individually learning which types of CAPTCHA tests each user is best at solving and adapting future tests presented ba...

Web access is affected by a great amount of accessibility issues that do not allow some users to access all information presented. Therefore, Web accessibility is an important issue because everybody should access Web content independently of their access features. Among these accessibility issues, a Web content element that interferes with Web accessibility is a CAPTCHA. A CAPTCHA is a challen...

Facial/voice-based authentication is becoming increasingly popular (e.g., already adopted by MasterCard and AliPay), because it is easy to use. In particular, users can now authenticate themselves to online services by using their mobile phone to show themselves performing simple tasks like blinking or smiling in front of its built-in camera. Our study shows that many of the publicly available ...

With the growing and prevalent usage of Internet, threat for the service providers has arisen. One of the most important aspects of modern security concerns is to deal with users that are computer programs or bots. These programs pretend to be human users and exploit servers by submitting data automatically, thereby, hindering the services of the server. Security mechanism dealing with such att...

A Completely Automated Public Turing test to tell Computer and Humans Apart (CAPTCHA) is a variation of the Turing test, in which a challenge is used to distinguish humans from computers (‘bots’) on the internet. They are commonly used to prevent the abuse of online services; for example, malicious users have written automated programs that signup for thousands of free email accounts and send S...

reCaptcha is a very popular CAPTCHA system on the Internet. Due to its design, we find that reCaptcha figures have certain feature that can potentially weaken this system. This paper discussed the design of reCaptcha, and use some simple Machine Learning algorithm to find a way to tell the difference between “control word” and “unknown word”. We also designed the experiment to evaluate our hypo...

CAPTCHAs have been deployed ubiquitously by web sites to combat automated malicious programs. Security against web bots and usability to legitimate users are two main goals that have to be simultaneously satisfied when designing a useful CAPTCHA scheme. However, there exists a well-known and intricate trade-off between these goals. So far, balancing this trade-off remains an art rather than a s...