A Low-Cost Attack against the hCaptcha System
Md Imran Hossen, Xiali Hei
TL;DR
This paper introduces a low-cost automated attack that can successfully break hCaptcha challenges with high accuracy and minimal resources, highlighting potential security vulnerabilities in the system.
Contribution
The paper presents a novel automated attack method against hCaptcha that achieves over 95% success rate using minimal computational resources.
Findings
Achieves 95.93% success rate on live hCaptcha challenges
Cracks challenges in approximately 19 seconds on average
Operates effectively with only 2GB RAM and 3 CPUs without GPU
Abstract
CAPTCHAs are a defense mechanism to prevent malicious bot programs from abusing websites on the Internet. hCaptcha is a relatively new but emerging image CAPTCHA service. This paper presents an automated system that can break hCaptcha challenges with a high success rate. We evaluate our system against 270 hCaptcha challenges from live websites and demonstrate that it can solve them with 95.93% accuracy while taking only 18.76 seconds on average to crack a challenge. We run our attack from a docker instance with only 2GB memory (RAM), 3 CPUs, and no GPU devices, demonstrating that it requires minimal resources to launch a successful large-scale attack against the hCaptcha system.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.