Quote:An old attack method dating back to 2017 that uses voice-to-text to bypass CAPTCHA protections turns out to still work on Google’s latest reCAPTCHA v3.
That’s according to researcher Nikolai Tschacher, who posted a video proof-of-concept (PoC) of the attack on Jan. 2.
CAPTCHA, introduced in 2014, is an acronym for Completely Automated Public Turing Test to Tell Computers and Humans Apart. ReCaptcha is Google’s name for its own technology and free service that uses image, audio or text challenges to verify that a human is signing into an account. It’s a bit of code available free of charge from Google for accounts that handle less than 1 million queries a month. Google recently started charging for larger reCAPTCHA accounts.
“The idea of the attack is very simple: You grab the MP3 file of the audio reCAPTCHA and you submit it to Google’s own speech-to-text API,” Tschacher wrote. “Google will return the correct answer in over 97 percent of all cases.”
The report includes a video showing how Tschacher’s bot works. He added that this attack method works on even the latest version, reCAPTCHA v3.
Google did not immediately respond to Threatpost’s request for comment on the report.
Read more: https://threatpost.com/researcher-breaks...pi/162734/
![[-]](https://www.geeks.fyi/images/collapse.png)
