News has broken that the unCaptcha automated system can once again bypass Google’s reCAPTCHA challenges, despite major updates to the security service. After unCaptcha was presented by researchers from the University of Maryland (UM), Google improved its security to bypass Google reCAPTCHA. Now unCaptcha has been modified and it is able to bypass Google reCAPTCHA again. The unCaptcha is able to bypass the audio challenges presented by reCAPTCHA, it could be also used to bypass other security systems such as BotDetect, Yahoo, and PayPal image challenges.
Expert Comments below:
Ryan Wilk, VP at NuData Security:
“Captcha in and of itself is only one piece of the authentication puzzle. If captcha is the only security layer, once the puzzle is broken, then the bad actor has won. To effectively solve the issue of automation attacks without creating a challenging customer experience, companies will need to implement a passive layered security solution, using behavioral analytics and passive biometrics, to accurately identify if the user is a human or a machine. If the sole source of identifying and mitigating automation is a shallow captcha puzzle with no intelligence behind it, get ready for 67%+ of all automation to get past security controls with ease.”