It was only a matter of time.  Hackers have found a way to hack Gmail’s CAPTCHA (Completely Automated Public Turing) system which could potentially allow them to send spam using Gmail accounts en masse.  CAPTCHA systems are used to tell humans apart from other computers to prevent this kind of thing.

Hackers could sign up for as many Gmail accounts as needed, automatically and that would allow their “reign of terror” begin.  It’s not as easy as it sounds, the CAPTCHA system used by Google is not easily tricked.

ArsTechnica did some checking into the work required to trick Google’s CAPTCHA system and it was quite a bit of work.  Two bot hosts were required to perform a successful hack.  Two were needed because the first host could fail at cracking the system and/or timeout.  The second system was in place to check the work of the first or to pick up from where it timed out or failed.

Only 20% the hacks were successful but it doesn’t matter.  Considering that thousands of requests could be sent in at once, 20% becomes a high success rate.

Traditional CAPTCHA systems will only be cracked more often as time goes on and newer systems will be needed to replace them.  Some may involve audio or other types of visual cues.  Not exactly ideal because users with disabilities may have trouble with them.

At least Google as able to put up more of a fight than Windows Live.  I guess that’s not really saying much, after all.

Related:

Entry was posted on Wednesday, February 27th, 2008 at 9:11 pm under Google, Security.

Read more entries by Jonathan Schlaffer.
Stumble It!