Cyber Security Website Captchas are vulnerable to Cyber Attacks


This news is intended to those website users who still use regular text-based security ‘Captchas’ to keep their web portals from being raided by automated internet software.

Researchers at the Lancaster University School of Computing and Communications have found out that the regular security captchas used by certain websites are vulnerable to cyber attacks as they can be easily hacked with the help of a new algorithm.

The algorithm is said to be based on Artificial Intelligence-based deep learning methods which have the ability to solve captcha security and bypass authentication systems with ease.

Technically speaking, text-based captchas are just a mixture of letters and numbers which are intended to be identified by humans only. But researchers have found out a way to decipher the characters with the help of machine learning tools.

Dr. Zheng Wang, a senior lecturer at Lancaster University said that all text-based Captcha schemes are vulnerable to cyber attacks under deep learning methods. Therefore, the much proclaimed 1st line of security defense used by many websites can now be treated as non-reliable, as it still opens the portal to denial of service attacks and spam or phishing messages. Given the high success rate of the research on text captcha schemes, website owners should consider abandoning them as soon as possible.

Then what’s the solution?

Well, Google has already found out a solution for such instances in the form of ‘invisible web security captchas’. The new algorithms ask people to complete a puzzle like identifying street lights in a photo taken at a traffic junction or road signs taken by security cameras which is an easy ‘to do’ task for humans and challenging for machines.

The web search giant has also announced that its new way of security can stop automated bots accessing and using websites. Furthermore, the new security captcha themes are also reportedly being used by the Alphabet Inc subsidiary to train Artificial Intelligence algorithms. For example- if Google’s AI cannot recognize a house in a photo taken by a street view car, it sends that photo to its captcha servers which then seek human inputs.

However, sometimes such security offerings might prove as an interruption to genuine website users who might be in a hurry to access the website info or service for some reason.

Note- Google has declared the death of text-based security captchas from March’17. But still many websites -mainly those related to governments are found using them.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display