Experts believe

May 5, 2008 09:57 GMT  ·  By

CAPTCHAs are quite useless these days, especially when more and more hackers develop new techniques to break them. Companies around the world thought having found a solution, namely the audio CAPTCHAs, but the latest reports revealed that these are vulnerable too, even if they require users to enter an audio code. So, is there any chance to design unbreakable CAPTCHAs anytime soon? Experts say yes, pointing to more complex audio files accompanied by difficult questions supposed to provide only a tiny amount of information to a potential attacker.

Ruben Santamarta, R&D/Reverse Engineer, talked about this matter and even provided an example of a potential unbreakable CAPTCHA: a baby crying audio file accompanied by the following question: "What does represent this sound?".

As you can see, such a question doesn't provide too many details to an attacker like in other cases. For instance, what if the question asks: "What does this baby do?" "It exposes too much information to the "attacker", being suitable for a purely syntactic attack since a baby (dog, cat?) cannot do a lot of things?," Ruben Santamaria explains.

"99.9% of people can likely distinguish a dog barking from a cat meowing. Now, think for a while as you were a computer: how to distinguish a cat from a dog? - really difficult," he wrote on the Wintercore blog. "To make the issue harder to solve, now put that dog barking in the middle of a crowded and noisy street, even then, you likely know there is a dog messing around."

Obviously, these CAPTCHAs can get even more improved in order to become harder to solve. For instance, more sounds, more difficult questions and lots of effects such as distortion, speed playing changes and others might make a CAPTCHA pretty hard to break.