Before delving into why better online security systems are essential, it would help to gain insight into reCAPTCHA vs. CAPTCHA. As the acronym for “Completely Automated Public Turing Test to Tell Computers and Humans Apart,” you will understand some of the primary benefits of CAPTCHA and its potential risks.
ReCAPTCHA vs. CAPTCHA
A CAPTCHA is a program that differentiates a computer from a human user. With this, users take a simple computer-generated test. In comparison, reCAPTCHA relies on a sophisticated risk analysis engine along with adaptive CAPTCHAs to prevent automated software from engaging in risky or abusive activities on your website. In other words, reCAPTCHA protects against spam while letting your legitimate users pass through without incident.
Back in 2012, a group of three hackers revealed a free system capable of defeating the widely-used reCAPTCHA tests with a 99 percent level of accuracy. Calling themselves “Stiltwalker,” this trio exploited several weaknesses in the audio version used to confirm that humans were creating online accounts as opposed to scam-bots. ReCAPTCHA was not only used by Google, but also Craigslist, Facebook, and an additional 200,000 websites.
Because other hackers previously tried to compromise Google’s CAPTCHA, Google revamped its reCAPTCHA. However, the success rate was nowhere near that of Stiltwalker. One of the three Stiltwalker hackers explained via email that the high degree of accuracy is what makes them stand out. Along with exploiting design oversights, their innovative engineering skills allowed them to take full advantage of the design flaws.
Unlike standard reCAPTCHA, the audio version uses disguised text to assist visually impaired individuals. This process consists of users hearing six words over a computer speaker. For security, static-laden radio broadcasts play backward to mask the recorded words.
However, by analyzing sound prints of the different tests used as background noise, the Stiltwalker hackers used a spectrogram to plot each audio test’s frequencies, making it possible for them to isolate single words by identifying mapped high-pitch regions. Another problem was that reCAPTCHA used only 58 unique words, thereby aiding in the hacker’s success.
Although the Stiltwalker hack occurred five years ago, considering that more recently, a security researcher poked holes in Google’s CAPTCHA system by turning the search engine on itself, you can see that risks still exist. For that reason, improved security systems are critical.
Beefing Up Your Site’s Security
At MacRAE’S Marketing, we have the experience and expertise to provide your site optimal protection. Call us today to learn more.