Latest Captcha’s used by Google and Facebook are vulnerable!

Have you ever seen that “Image Captchas” while using internet? Tech Giants Facebook and Gmail are also using that captcha and according to the security researchers of Columbia University, this captcha is vulnerable. Angelos D. Keromytis, Suphannee Sivakorn and Iasonas Polakis are three security researchers, who found major vulnerabilities in captcha used by Facebook and Google. During research, an attack has been performed by the security researchers which was allowing them to bypass the security system. All these vulnerabilities had been found by the security researchers, when they were clicking on “ReCaptcha” button.

What they did?

A system had been prepared by the security researchers to break down this captcha system. Before testing captcha system, researchers checked this system for getting accurate results. They were performing attacks on other captcha systems and after that they were making changes into attack strategies as per need of this latest captcha system. Finally they found some major security issues, which allows hackers to perform attacks of large scale.

Google's ReCaptcha System

To check Google’s Recaptcha system, researchers launched an offline test against it after understanding the recaptcha functions used by it. The success percentage of researchers in this test was 45 percent. During this offline test, more than 2000 thousands captchas were break down by the researchers. When they perform a live test, the success rate of test was more because images can repeat itself at that time. Google is using low quality images in there captcha system, therefore the success rate was less.

Facebook's ReCaptcha System

During the testing of Facbook’s ReCaptcha system, researchers break down more than 200 image captchas. The success percentage of this test was more than 80 percent. Facebook is using high quality images in their captcha system which are easy to identify. Therefore success rate was more in this case as compared to Google.

Researchers reported about these vulnerabilities to Google and Facebook. Google rewarded security researchers and now they are doing work to fix these flaws, On the other hand, Facebook is busy to be sure about these vulnerabilities.