"The Carnegie-Mellon University team behind the reCAPTCHA service is continuing to expand its effort to mix basic security and useful work. CAPTCHAs are the distorted text that helps various online services ensure that the entity opening an account is a human, not a bot bent on using the service to dish out spam. The reCAPTCHA service puts the mental horsepower need to interpret these images to good use, harnessing it to identify text in scanned books where OCR software has failed. Now, the team has turned its attention to the audio CAPTCHAs used by the visually impaired.

Audio CAPTCHAs consist of a string of spoken characters, typically masked and distorted by a form of background noise. To start with, the researchers looked into the security of existing audio CAPTCHAs used by Google and Digg. In a paper that will be presented later this week at the Neural Information Processing Systems Conference, the authors demonstrate that these are relatively easy to crack.

The work involved gathering 1,000 audio CAPTCHAs from Google, Digg, and the reCAPTCHA service. 900 of these were used as a training set and the remaining 100 were set aside to test the system when done. The software first did a rough audio analysis, dividing each item into equal-sized chunks, each sufficiently long to fit any spoken character. Those segments with the highest energy peaks, which are considered most likely to contain actual letters, were set aside for analysis."

Continue Reading: http://arstechnica.com/news.ars/post/20081208-computer-scientists-find-audio-captchas-easy-to-crack.html