This story is over 5 years old.


Researchers Fool ReCAPTCHA With Google’s Own Speech-To-Text Service

The new method has a 90 percent success rate at tricking the robot into thinking it’s human.
A hand holding a phone with CAPTCHA
Image via Shutterstock

Since the dawn of CAPTCHA, those annoying little “I am not a robot” tests used by websites for weeding out bots—security experts and researchers have looked for ways to mess with it. Some have tried to break them with reverse-image searches, deep learning, and "experimental neuroscience data.

Now, researchers at the University of Maryland claim that their CAPTCHA-fooling method, unCaptcha, can fool Google's reCaptcha, one of the most popular CAPTCHA systems currently used by hundreds of thousands of websites, with a 90 percent success rate. To add insult to injury, UnCaptcha tricks Google's reCaptcha by using Google’s own speech-to-text service.

The researchers originally developed UnCaptcha in 2017, which uses Google’s own free speech-to-text service to trick the system into thinking a robot is a human. It’s an oroborus of bots: According to their paper, UnCaptcha downloads the audio captcha, segments the audio into individual digit audio clips, uploads the segments to multiple other speech-to-text services (including Google’s), then converts these services' responses to digits. After a little homophone guesswork, it then decides which speech-to-text output is closest to accurate, and uploads the answer to the CAPTCHA field. This old method returned an 85% success rate.

After the release of that version of unCaptcha, Google fixed some of the loopholes that made it work, including better browser automation detection and switching to spoken phrases, rather than digits. The researchers claim that their new method, updated in June, gets around these improvements and is even more accurate than before, at 90 percent.

According to the project’s GitHub repository, Google knows about this new hack and is unbothered. “We have been in contact with the ReCaptcha team for over six months and they are fully aware of this attack,” the researchers write. “The team has allowed us to release the code, despite its current success.”