Accessibility vs Security: Breaking CAPTCHAs by exploiting their accessibility features by Gautam Krishnan

Introduction Under the guidance of Prof. Jason Polakis, I had the opportunity to work on a web security project alongside Varshini Sampath and Saumya Solanki. In this work, we showed that how audio based CAPTCHAs, introduced as an accessible alternative for those unable to use the more common visual CAPTCHA can be exploited to nullify their purpose. This research was published in Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security (AISEC) and was also presented at Usenix ScAINet 2018. Terminology CAPTCHA (will be referring to as “captchas” henceforth)— A program or system intended to distinguish humans from computers as a way to prevent spam. These are often found as garbled text that can only be recognized by humans and not by computers. Challenge/Problem — The test presented to a user to validate themselves as a human. Solver — An automated system built to ‘hack’ the challenge and present itself as a....