CAPTCHA is a security mechanism used to prevent bots from using the services of the website intended for humans. Till date, a number of CAPTCHA schemes have been successfully broken which made the design of CAPTCHAs an interesting area of research. Schemes of CAPTCHAs can be categorized as text based, image based, animation based, natural language based, option based and audio based. This paper explains some of the strengths and weaknesses of the CAPTCHA currently used by Yahoo and steps to crack it automatically. The CAPTCHA is an animation based text CAPTCHA. It is cracked by first removing the noise in the background and finally applying our own developed Optical Character Recognition (OCR) program which is specialized for reading characters in Yahoo CAPTCHA only. The automatic crack program has a successful rate of 63%.

Breaking Yahoo CAPTCHA; Animation Based; Text Based; OCR

[1] L.von Ahn, M. Blum, N. J. Hopper and J. Langford, “CAPTCHA: using hard AI problems for security”, Springer, vol. 2656, 2003, pp. 294-311.
[2] J.Yan and A. S. E. Ahmad. “Breaking visual CAPTCHAs with naive pattern recognition algorithms”, IEEE Computer Society, 2007, pp. 279-91.
[3] K.Chellapilla, K. Larson, P. Y. Simard and M. Czerwinski, “Designing human friendly human interaction proofs (HIPs)”, ACM, 2005, pp. 711-720.
[4] J.Yan and A. S. E. Ahmad, “A low-cost attack on a Microsoft CAPTCHA”, ACM conference on computer and communications security,ACM, 2008, pp. 543-554.
[5] A.S.E. Ahmad, J. Yan and W. Y. Ng, “CAPTCHA design: color, usability, and security”, IEEE Internet Computing, 2012, pp. 44-51.
[6] Y.Nakaguro, M. N. Dailey, S. Marukatat and S. S. Makhanov, “Defeating line-noise CAPTCHAs with multiple quadratic snakes”, Computers & Security, Elsevier, 2013, pp. 91-110.
[7] G.Mori and J. Malik, “Recognizing objects in adversarial clutter: breaking a visual CAPTCHA”, IEEE Computer Society, 2003, pp. 134-144.
[8] J.Yan and A. S. E. Ahmad, “CAPTCHA security: a case study”, IEEE Security and Privacy, 2009, pp. 22-28.
[9] J.Yan and A. S. E. Ahmad, “CAPTCHA robustness: a security engineering perspective”, IEEE Computer Society, 2011, pp. 54-60.
[10] G.Moy, N. Jones, C. Harkless and R. Potter, “Distortion estimation techniques in solving visual CAPTCHAs”, IEEE Computer Society conference on Computer Vision and Pattern Recognition, 2004, pp. 23-28.
[11] S.Li, S. A. H. Shah, M. A. U. Khan, S. A. Khayam, A. R. Sadeghi, R. Schmitz, “Breaking e-banking CAPTCHAs”, Proceedings of the 26th Annual Computer Security Applications Conference, 2010, pp. 171-180.
[12] P.Baecher, N. Buscher, M. Fischlin and B. Milde, “Breaking reCAPTCHA: a holistic approach via shape recognition”, IFIP advances in information and communication technology, 2011, pp. 56-67.
[13] C.Cruz-Perez, O. Starostenko, F. Uceda-Ponga, V. A. Aquino and L. Reyes-Cabrera, “Breaking reCAPTCHAs with unpredictable collapse: heuristic character segmentation and recognition”, Springer, 2012, pp. 155-165.
[14] H.Gao, W. Wang, J. Qi, X. Wang, X. Liu, J. Yan, “The robustness of hollow CAPTCHAs”, ACM conference on computer and communications, 2013, pp. 1075-1086.
[15] B.B. Zhu, J. Yan, Q. Li, C. Yang, J. Liu, N. Xu, M. Yi and K. Cai, “Attacks and design of image recognition CAPTCHAs”, ACM conference on computer and communications security, 2010, pp. 187-200.
[16] C.J. Hernandez-Castro, A. Ribagorda, “Pitfalls in CAPTCHA design and implementation: the math CAPTCHA, a case study”, Computers and Security, Elsevier Advanced Technology, 2010, pp. 141-157.
[17] J.Tam, J. Simsa, S. Hyde, L. von Ahn, “Breaking audio CAPTCHAs”, Advances in Neural Information Processing Systems 21, 2008, pp. 1625-1632.
[18] E.Bursztein, R. Beauxis, H. Paskov, D. Perito, C. Fabry, J. C. Mitchell, “The failure of noise-based non-continuous audio CAPTCHAs”, IEEE symposium on security and privacy, 2011, pp. 19-31.