TheWindowsClub News

TheWindowsClub Tech News covers the latest Microsoft Windows 10 news, along with other products & services like Office, etc.

Bot breaks Google Audio ReCaptcha with Google’s own Speech to Text API

Since its formal introduction, thousands of websites across the internet have used Google’s reCAPTCHA as an effective way to stay away from unwanted robots and crawlers. The reCAPTCHA interface helps the site to confirm if the person accessing the site is human.

Google Audio reCaptcha

Google Audio reCAPTCHA not secure

However, according to Nikolai Tschacher, a researcher, the Speed-to-Text API from Google opens the best way to bypass the reCAPTCHA interface. The digital security expert submitted his PoC findings on the 2nd of January 2021. This is one of the first bold accusations towards the renowned security system, though.

According to Mr. Tschacher, attackers may use a simple-enough procedure to bypass the reCAPTCHA. In case you didn’t know, reCAPTCHA always offers an option to listen to the audio message and extract the hidden characters from the voice instead of looking at the images.

While this is an accessibility-friendly feature, the hacker can download the MP3 file of the audio CAPTCHA and extract the information using Google’s speech-to-text API. Once extracted, hackers could use this information to get away from the reCAPTCHA UI. It’d have taken the hackers a considerable amount of time to do the same with the image-based CAPTCHAs.

Despite being unique, this isn’t the first Proof of Concept from Tschacher’s team to challenge the traditional functioning of Google reCAPTCHA. The team has been working on the topic for some time and made an update to Google in July 2018. The tech giant considered this advice and ensured that the new version could detect and disable bots better.

Nevertheless, in light of what the security researcher has submitted on the 2nd of January 2021, these measures seem to be only half-effective. In fact, even the latest version of the Google reCAPTCHA interface is breakable using the speech-to-text interface.

Tschacher also notes that Google improving bot detection options in reCAPTCHA 3 is a half-baked move as it has set reCAPTCHA 2 as the fallback option. Nevertheless, considering how widespread this service is used, Google will indeed release an update to this security system or at least tweak the speech-to-text API so that it doesn’t promote such a clash of self-interest.

Published on Tags:

TanmayPatange@TWCN

Tanmay loves writing about Technology, Internet, Apps, Social Media, and Cybersecurity. He also tracks OTT video content streaming space and likes to spend his weekends watching plays. You can contact him on Twitter @techtsp.

Share via
Facebook
X (Twitter)
LinkedIn
Mix
Pinterest
Tumblr
Skype
Buffer
Pocket
VKontakte
Parler
Xing
Reddit
Line
Flipboard
MySpace
Delicious
Amazon
Digg
Evernote
Blogger
LiveJournal
Baidu
MeWe
NewsVine
Yummly
Yahoo
WhatsApp
Viber
SMS
Telegram
Facebook Messenger
Like
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap