CAPTCHA tests are used by a range of different online services to help check if you are actually human. The problem is, computers can figure them out quite easily, especially if they are static characters. So new, enhanced CAPCTHA tests were introduced that used audio and even video to make them more secure.
In May last year a security research team at Stanford managed to crack audio CAPTCHAs. Now they’ve achieved the same for video CAPTCHAs too.
You’d think video CAPTCHAs would be impossible to analyze by a piece of software. Not only do they have difficult to read characters only humans should be able to pick out, they also add animation. That means the characters are never static within the CAPTCHA test area.
Even so, the Stanford team created a piece of software called Decaptcha that can solve them with over 90% success. The team focused on one of the first video CAPTCHA services called NuCaptcha when trying to figure out how to crack it.
Breaking NuCaptcha ended up being a five phase process. The first phase involved extracting the frames from the video so there is something static to work with. Phase two removes the background and makes the characters white on a black background. Phase three combines the captured frames to help identify where the characters of interest are located. Phase four extracts the specific characters related to the CAPTCHA, and phase five uses a machine learning algorithm to figure out what each individual character is.
The Stanford team admit that video capture is more difficult to solve than text-based CAPTCHA due to the motion involved. They’ve also used their research to feedback suggestions to NuCaptcha to make its system even more secure.