The University of Southampton
×
Filter your search:
University of Southampton Institutional Repository

Breaking visual CAPTCHAs with naïve pattern recognition algorithms

Breaking visual CAPTCHAs with naïve pattern recognition algorithms
Breaking visual CAPTCHAs with naïve pattern recognition algorithms

Visual CAPTCHAs have been widely used across the Internet to defend against undesirable or malicious bot programs. In this paper, we document how we have broken most such visual schemes provided at Captchaservice.org, a publicly available web service for CAPTCHA generation. These schemes were effectively resistant to attacks conducted using a high-quality Optical Character Recognition program, but were broken with a near 100% success rate by our novel attacks. In contrast to early work that relied on sophisticated computer vision or machine learning algorithms, we used simple pattern recognition algorithms but exploited fatal design errors that we discovered in each scheme. Surprisingly, our simple attacks can also break many other schemes deployed on the Internet at the time of writing: their design had similar errors. We also discuss defence against our attacks and new insights on the design of visual CAPTCHA schemes.

1063-9527
279-291
IEEE
Yan, Jeff
a2c03187-3722-46c8-b73b-439eb9d1a10e
El Ahmad, Ahmad Salah
e6e3d56d-a029-404f-aca6-14a8d54d2f43
Yan, Jeff
a2c03187-3722-46c8-b73b-439eb9d1a10e
El Ahmad, Ahmad Salah
e6e3d56d-a029-404f-aca6-14a8d54d2f43

Yan, Jeff and El Ahmad, Ahmad Salah (2008) Breaking visual CAPTCHAs with naïve pattern recognition algorithms. In 23rd Annual Computer Security Applications Conference, ACSAC 2007. IEEE. pp. 279-291 . (doi:10.1109/ACSAC.2007.47).

Record type: Conference or Workshop Item (Paper)

Abstract

Visual CAPTCHAs have been widely used across the Internet to defend against undesirable or malicious bot programs. In this paper, we document how we have broken most such visual schemes provided at Captchaservice.org, a publicly available web service for CAPTCHA generation. These schemes were effectively resistant to attacks conducted using a high-quality Optical Character Recognition program, but were broken with a near 100% success rate by our novel attacks. In contrast to early work that relied on sophisticated computer vision or machine learning algorithms, we used simple pattern recognition algorithms but exploited fatal design errors that we discovered in each scheme. Surprisingly, our simple attacks can also break many other schemes deployed on the Internet at the time of writing: their design had similar errors. We also discuss defence against our attacks and new insights on the design of visual CAPTCHA schemes.

This record has no associated files available for download.

More information

Published date: 2 January 2008
Venue - Dates: 23rd Annual Computer Security Applications Conference, ACSAC 2007, , Miami Beach, FL, United States, 2007-12-10 - 2007-12-14
Learn more about Cyber Security research

Identifiers

Local EPrints ID: 508338
URI: http://eprints.soton.ac.uk/id/eprint/508338
DOI: doi:10.1109/ACSAC.2007.47
ISSN: 1063-9527
PURE UUID: fe956c6a-bca4-4ff2-8845-de1ff9863be1

Catalogue record

Date deposited: 19 Jan 2026 17:36
Last modified: 19 Jan 2026 17:36

Export record

Altmetrics

Contributors

Author: Jeff Yan
Author: Ahmad Salah El Ahmad

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Library staff additional information
Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×