The robustness of hollow CAPTCHAs
The robustness of hollow CAPTCHAs
CAPTCHA is now a standard security technology for differentiating between computers and humans, and the most widely deployed schemes are text-based. While many text schemes have been broken, hollow CAPTCHAs have emerged as one of the latest designs, and they have been deployed by major companies such as Yahoo!, Tencent, Sina, China Mobile and Baidu. A main feature of such schemes is to use contour lines to form connected hollow characters with the aim of improving security and usability simultaneously, as it is hard for standard techniques to segment and recognize such connected characters, which are however easy to human eyes. In this paper, we provide the first analysis of hollow CAPTCHAs' robustness. We show that with a simple but novel attack, we can successfully break a whole family of hollow CAPTCHAs, including those deployed by all the major companies. While our attack casts serious doubt on the viability of current designs, we offer lessons and guidelines for designing better hollow CAPTCHAs.
captcha, convolutional neural network, graph search, security
1075-1085
Association for Computing Machinery
Gao, Haichang
ca792d28-9307-46a6-ae7e-29b439d200cc
Wang, Wei
94191ea2-eaa4-4003-b464-73ef70b5e18c
Qi, Jiao
c7b853ad-dfc9-45af-944e-5a5426b207ab
Wang, Xuqin
c30e2c7f-0873-417c-b4b7-dc9299cebd96
Liu, Xiyang
07f21d97-db22-474d-ab20-0ee6f962ee6f
Yan, Jeff
a2c03187-3722-46c8-b73b-439eb9d1a10e
4 November 2013
Gao, Haichang
ca792d28-9307-46a6-ae7e-29b439d200cc
Wang, Wei
94191ea2-eaa4-4003-b464-73ef70b5e18c
Qi, Jiao
c7b853ad-dfc9-45af-944e-5a5426b207ab
Wang, Xuqin
c30e2c7f-0873-417c-b4b7-dc9299cebd96
Liu, Xiyang
07f21d97-db22-474d-ab20-0ee6f962ee6f
Yan, Jeff
a2c03187-3722-46c8-b73b-439eb9d1a10e
Gao, Haichang, Wang, Wei, Qi, Jiao, Wang, Xuqin, Liu, Xiyang and Yan, Jeff
(2013)
The robustness of hollow CAPTCHAs.
In CCS 2013 - Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security.
Association for Computing Machinery.
.
(doi:10.1145/2508859.2516732).
Record type:
Conference or Workshop Item
(Paper)
Abstract
CAPTCHA is now a standard security technology for differentiating between computers and humans, and the most widely deployed schemes are text-based. While many text schemes have been broken, hollow CAPTCHAs have emerged as one of the latest designs, and they have been deployed by major companies such as Yahoo!, Tencent, Sina, China Mobile and Baidu. A main feature of such schemes is to use contour lines to form connected hollow characters with the aim of improving security and usability simultaneously, as it is hard for standard techniques to segment and recognize such connected characters, which are however easy to human eyes. In this paper, we provide the first analysis of hollow CAPTCHAs' robustness. We show that with a simple but novel attack, we can successfully break a whole family of hollow CAPTCHAs, including those deployed by all the major companies. While our attack casts serious doubt on the viability of current designs, we offer lessons and guidelines for designing better hollow CAPTCHAs.
This record has no associated files available for download.
More information
Published date: 4 November 2013
Venue - Dates:
2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013, , Berlin, Germany, 2013-11-04 - 2013-11-08
Keywords:
captcha, convolutional neural network, graph search, security
Identifiers
Local EPrints ID: 508336
URI: http://eprints.soton.ac.uk/id/eprint/508336
ISSN: 1543-7221
PURE UUID: a0cf84ff-7d93-4c33-a3c3-1a91ea80962e
Catalogue record
Date deposited: 19 Jan 2026 17:36
Last modified: 19 Jan 2026 17:36
Export record
Altmetrics
Contributors
Author:
Haichang Gao
Author:
Wei Wang
Author:
Jiao Qi
Author:
Xuqin Wang
Author:
Xiyang Liu
Author:
Jeff Yan
Download statistics
Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.
View more statistics