A three-year-old attack technique to bypass Google's audio reCAPTCHA by using its own Speech-to-Text API has been found to still work with 97% accuracy.

Researcher Nikolai Tschacher disclosed his findings in a proof-of-concept (PoC) of the attack on January 2.

"The idea of the attack is very simple: You grab the MP3 file of the audio reCAPTCHA and you submit it to Google's own speech-to-text API," Tschacher said in a write-up. "Google will return the correct answer in over 97% of all cases."


Introduced in 2000, CAPTCHAs (or Completely Automated Public Turing test to tell Computers and Humans Apart) are a type of challenge-response tests designed to protect against automated account creation and service abuse by presenting users with a question that is easy for humans to solve but difficult for computers.

reCAPTCHA is a popular version of the CAPTCHA technology that was acquired by Google in 2009. The search giant released the third iteration of reCAPTCHA in October 2018. It completely eliminates the need to disrupt users with challenges in favor of a score (0 to 1) that's returned based on a visitor's behavior on the website — all without user interaction.

The whole attack hinges on a research dubbed "unCaptcha," published by University of Maryland researchers in April 2017 targeting the audio version of reCAPTCHA. Offered for accessibility reasons, it poses an audio challenge, allowing people with vision loss to play or download the audio sample and solve the question.

To carry out the attack, the audio payload is programmatically identified on the page using tools like Selenium, then downloaded and fed into an online audio transcription service such as Google Speech-to-Text API, the results of which are ultimately used to defeat the audio CAPTCHA.

Following the attack's disclosure, Google updated reCAPTCHA in June 2018 with improved bot detection and support for spoken phrases rather than digits, but not enough to thwart the attack — for the researchers released "unCaptcha2" as a PoC with even better accuracy (91% when compared to unCaptcha's 85%) by using a "screen clicker to move to certain pixels on the screen and move around the page like a human."


Tschacher's effort is an attempt to keep the PoC up to date and working, thus making it possible to circumvent the audio version of reCAPTCHA v2 by leveraging a bot to simulate the entire process and defeat the protections.

"Even worse: reCAPTCHA v2 is still used in the new reCAPTCHA v3 as a fallback mechanism," Tschacher noted.

With reCAPTCHA used by hundreds of thousands of sites to detect abusive traffic and bot account creation, the attack is a reminder that it's not always foolproof and of the significant consequences a bypass can pose.

In March 2018, Google addressed a separate flaw in reCAPTCHA that allowed a web application using the technology to craft a request to "/recaptcha/api/siteverify" in an insecure manner and get around the protection every time.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.