Stiltwalker Beat Audio ReCAPTCHA

This talk from the 2012 LayerOne conference outlines how the team build Stiltwalker, a package that could beat audio reCAPTCHA. We’re all familiar with the obscured images of words that need to be typed in order to confirm that you’re human (in fact, there’s a cat and mouse game to crack that visual version). But you may not have noticed the option to have words read to you. That secondary option is where the toils of Stiltwalker were aimed, and at the time the team achieved 99% accurracy. We’d like to remind readers that audio is important as visual-only confirmations are a bane of visually impaired users.

This is all past-tense. In fact, about an hour before the talk (embedded after the break) Google upgraded the system, making it much more complex and breaking what these guys had accomplished. But it’s still really fun to hear about their exploit. There were only 58 words used in the system. The team found out that there’s a way to exploit the entry of those word, misspelling them just enough so that they would validate as any of up to three different words. Machine learning was used to improve the accuracy when parsing the audio, but it still required tens of thousands of human verifications before it was reliably running on its own.

[via Reddit]

13 thoughts on “Stiltwalker Beat Audio ReCAPTCHA

  1. This was an excellent talk, but if anyone has tried to use the *NEW* audio recaptcha, there is much more work to be done.

    The interesting part is, Google’s *NEW* audio captcha is almost too hard to listen to and remember the words as a human. I can see an A.D.A. complaint being filed soon…

  2. Not to be a downer but I’m really tired of seeing this. It keeps popping up as something new every day for the last couple weeks.

    The idea was quite good and they spent a lot of time and effort on it, but they’re a bit obnoxious for my liking.

    It’s annoying that a lot of media (not HaD) was misleading people into thinking this is an active exploit when in fact they were never able to show it working. They say google changed the code just before they went live with the talk. So meh. Woulda liked to see it working on a live captcha system.

    1. I saw this talk and the code, it was real. They actually had a video of it solving that they took just in case something like this happened, because the mighty demo gods were very angry at the conference.

      It’s not a particularly groundbreaking technique (actually quite amateur, surely many spammers were already doing it) but the execution was very good. The concept is still sound and could be used to break the new version, which is now very hard for humans but ironically still simple enough for computers to decode easily.

    2. i thought it was a great talk, they did a fine job very informal, off the cuff and rather drunk sorta thing. he got over 99% thats pretty good, that is the system guessing with a higher accuracy than humans.
      most exploits are demoed and explained after they have already been patched so there is nothing new there (except that they didnt intend for this to be after the patch)

      part of the reason i like these kinds of demonstrations is it fuels the search for an exploit and gives a venue in which to legitimately talk about those exploits. this allows the companies involved to know they have a problem and pushes them to fix them, this fixes exploits likely being used by spammers who don’t use this legitimate venue instead keeping their secrets to themselves or selling them. this keeps the system evolving and helps everyone.

    3. I saw them give this as a PRIVATE demo talk a few months before the release and it worked great, they were only able to achieve 97% accuracy at the time, but they were able to improve it before the release talk. It sucks that google upgraded right before their talk, I am guessing that it was not by accident. I gotta give c-p and the dc949 props, they made google (the giant) flinch.

  3. Just wondering, how many others have thought of this? I never cared much about cracking capchas, but I had this idea years ago. I expected people would have implemented it many times over by now. Was I mistaken? It just seems like RE 101: There are two forms of output. Which is the most vulnerable?

    Enough of my rambling though, I’m tired. I’m still glad to see someone put this together, and while google may be too hot to handle. There are many more capcha types that are much weaker.

  4. Great to see this kind of thing happening. Keeps everyone on their toes and makes these security systems look quite pointless. As far as recaptcha goes, I hope something usable is invented to replace it as soon as possible. It’s terrible!

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.