Microsoft audio CAPTCHAs are defeated by researchers

INSECURITY RESEARCHERS at Stanford University have found a way to break through audio CAPTCHA technology used at web sites belonging to companies like Microsoft, Yahoo, Ebay and Digg.

The term 'CAPTCHA' stands for "Completely Automated Public Turing test to tell Computers and Humans Apart" and the authentication method was devised by researchers at Carnegie Mellon University.

Visual CAPTCHAs involving letter and number images are often used for web site security authentication, but there are also audio CAPTCHAs made available to the visually impaired.

Postdoctoral researcher Elie Bursztein and computer science professor John Mitchell built a computer program that could listen to and decipher audio CAPTCHAs used to help people who can't see properly and which require a computer user to listen to letters and numbers disguised by noise in the background.

The Decaptcha program works by recognising the sound patterns used in speaking letters of the alphabet as well as numbers. It then tries to decode audio captchas that carry sounds similar to what the program has stored. It worked - the program had a 50 per cent success rate in breaking into Microsoft-built audio CAPTCHAs.

It also attempted to decode audio CAPTCHAs from the firm Recaptcha, which is used on web sites such as Facebook, Youtube and Ticketmaster. Its technology is more advanced as it adds noise like conversations in the background, and Decaptcha only got a one per cent success rate as computers can't distinguish between the signal and background noise as easily as humans. But that's still worrying, considering that these web sites are used by millions of people every day.

The researchers believe that enough users are at risk to make it a priority to keep strengthening audio CAPTCHA technology, for example by using background music or entire words. µ