authors
- RIBAGORDA GARNACHO, ARTURO
- HERNANDEZ CASTRO, JULIO CESAR
Pitfalls in CAPTCHA Design and Implementation: The Math CAPTCHA, a Case Study
Articles
Overview
published in
- COMPUTERS & SECURITY Journal
publication date
- February 2010
start page
- 141
end page
- 157
issue
- 1
volume
- 29
Digital Object Identifier (DOI)
International Standard Serial Number (ISSN)
- 0167-4048
Electronic International Standard Serial Number (EISSN)
- 1872-6208
abstract
- We present a black-box attack against an already deployed CAPTCHA that aims to protect a free service delivered using the Internet. This CAPTCHA, referred to as "Math CAPTCHA" or "QRBGS CAPTCHA", requests the user to solve a mathematical problem in order to prove human. We study significant problems both in its design and its implementation, and how those flaws can be used to completely solve this CAPTCHA using a low-cost attack. This attack requires no development in Artificial Intelligence or automatic character recognition, the intended path, thus becoming a side-channel attack, based on this CAPTCHAs flaws. We relate these flaws to common flaws found in other CAPTCHA proposals. We conclude with some tips for enhancing this CAPTCHA that can be considered as general guidelines.