Toggle Main Menu Toggle Search

Open Access padlockePrints

The robustness of hollow CAPTCHAs

Lookup NU author(s): Dr Jeff Yan


Full text for this publication is not currently held within this repository. Alternative links are provided below where available.


CAPTCHA is now a standard security technology for differentiating between computers and humans, and the most widely deployed schemes are text-based. While many text schemes have been broken, hollow CAPTCHAs have emerged as one of the latest designs, and they have been deployed by major companies such as Yahoo!, Tencent, Sina, China Mobile and Baidu. A main feature of such schemes is to use contour lines to form connected hollow characters with the aim of improving security and usability simultaneously, as it is hard for standard techniques to segment and recognize such connected characters, which are however easy to human eyes. In this paper, we provide the first analysis of hollow CAPTCHAs' robustness. We show that with a simple but novel attack, we can successfully break a whole family of hollow CAPTCHAs, including those deployed by all the major companies. While our attack casts serious doubt on the viability of current designs, we offer lessons and guidelines for designing better hollow CAPTCHAs.

Publication metadata

Author(s): Gao H, Wang W, Qi J, Wang X, Liu X, Yan J

Publication type: Conference Proceedings (inc. Abstract)

Publication status: Published

Conference Name: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

Year of Conference: 2013

Pages: 1075-1086

Publisher: ACM New York, NY, USA


DOI: 10.1145/2508859.2516732

Library holdings: Search Newcastle University Library for this item

ISBN: 9781450324779