Pierluigi Paganini January 03, 2019

The unCaptcha automated system can once again bypass Google’s reCAPTCHA challenges, despite major updates to the security service.

It has happened again, the unCaptcha automated system is able to bypass the Google reCAPTCHA mechanism even if it was improved over the years.

The unCaptcha system was created in 2017 to bypass the reCAPTCHA mechanism used to protect websites from abuses. 

After unCaptcha was presented by researchers from the University of Maryland (UM), Google improved its security to bypass Google reCAPTCHA

Now unCaptcha has been modified and it is able to bypass Google reCAPTCHA again.

The unCaptcha is able to bypass the audio challenges presented by reCAPTCHA, it could be also used to bypass other security systems such as BotDetect, Yahoo, and PayPal image challenges.

The system receives the audio challenge, downloads it, and submits it to Speech To Text. The unCAPTCHA parses the response and types the answer, then it clicks submit and checks if the response to the challenge was correct.

Google experts introduced a couple features to improve reCAPTCHA, they enhanced the browser automation detection and used spoken phrases instead of spoken digits. The unCaptcha system now uses a screen clicker to mimic human movement on a page. 

Since June 2018, unCaptcha was updated to bypass Google’s security service once again.

“Created in April 2017, unCaptcha achieved 85% accuracy defeating Google’s ReCaptcha. After the release of this work,”  explained the experts.

“Google released an update to ReCaptcha with the following major changes:

• Better browser automation detection
• Spoken phrases rather than digits”

The researchers shared their work with the ReCaptcha team that after six months authorized them to release the code.

“The Recaptcha team is aware of this attack vector, and have confirmed they are okay with us releasing this code, despite its current success rate. This attack vector was deemed out of scope for the bug bounty program,” continue the experts. 

“Thanks to the changes to the audio challenge, passing ReCaptcha is easier than ever before. The code now only needs to make a single request to a free, publicly available speech to text API to achieve around 90% accuracy over all captchas,”

Experts pointed out that the new unCaptcha variant won’t be updated when Google improves its service, they also removed their API keys from all the necessary queries.

“unCaptcha2, like the original version, is meant to be a proof of concept. As Google updates its service, this repository will notbe updated. As a result, it is not expected to work in the future, and is likely to break at any time.” concludes the experts.

“Unfortunately, due to Google’s work in browser automation detection, this version of unCaptcha does not use Selenium. As a result, the code has to navigate to specific parts of the screen. To see unCaptcha working for yourself, you will need to change the coordinates for your screen resolution.

While unCaptcha2 is tuned for Google’s Demo site, it can be changed to work for any such site – the logic for defeating ReCaptcha will be the same.

Additionally, we have removed our API keys from all the necessary queries.”

Pierluigi Paganini

(SecurityAffairs – reCaptcha, hacking)

[adrotate banner=”5″] [adrotate banner=”13″]