Researcher Discover “A logic vulnerability” dubbed ReBreakCaptcha to bypassing Google’s reCAPTCHA fields which is using for prevent from robots and abusive scripts to access sites by using google’s Speech Recognition API.
According to the Security Researcher , a bypass Technique called ReBreakCaptcha which is used for bypass Google’s ReCaptcha v2 anywhere on the web.
The proof-of-concept code the researcher released allows attackers to automate the process of bypassing reCAPTCHA fields, currently used on millions of sites to keep out spam bots.
Researcher explained in East-Ee Security , ReBreakCaptcha works in three stages ,
- Audio Challenge – Getting the correct challenge type.
- Recognition – Converting the audio challenge audio and sending it to Google’s Speech Recognition API.
- Verification – Verifying the Speech Recognition result and bypassing the ReCaptcha.
As per the Explantion give by the East-Ee Security , 3 Types of ReBreakCaptcha challenges has bee performed in this task .
Image Challenge
The challenge contains a description and an image which consists of 9 sub-images. The user is requested to select those sub-images that best match the given description.
Audio Challenge
The challenge contains an audio recording, The user is requested to enter the digits that are heard.
Now we have the audio challenge Recognition file and are ready to send it to Google Speech Recognition. How can this be done? Using their API.
Text Challenge
The challenge contains a category and 5 candidate phrases. The user is requested to select those phrases which best match the given category.
The [verification] stage is fairly short.
ReBreakCaptcha vulnerability still unpatched by Google
East-EE has named this assault ReBreakCaptcha, and he says he found this weakness in 2016. Today, when he opened up to the Public about his research, he said the vulnerability was still unpatched .
Researcher released allows attackers to automate the process of bypassing reCAPTCHA fields, currently used on millions of sites to keep out spam bots by proof-of-concept code which is written by python and available in Github .
Also Read :