Proceedings of the 27th annual conference on Computer graphics and interactive techniques
Securing passwords against dictionary attacks
Proceedings of the 9th ACM conference on Computer and communications security
Digital Image Processing (3rd Edition)
Digital Image Processing (3rd Edition)
Asirra: a CAPTCHA that exploits interest-aligned manual image categorization
Proceedings of the 14th ACM conference on Computer and communications security
Usability of CAPTCHAs or usability issues in CAPTCHA design
Proceedings of the 4th symposium on Usable privacy and security
Trust '08 Proceedings of the 1st international conference on Trusted Computing and Trust in Information Technologies: Trusted Computing - Challenges and Applications
WCRE '08 Proceedings of the 2008 15th Working Conference on Reverse Engineering
Machine learning attacks against the Asirra CAPTCHA
Proceedings of the 15th ACM conference on Computer and communications security
A low-cost attack on a Microsoft captcha
Proceedings of the 15th ACM conference on Computer and communications security
Proceedings of the 2nd ACM workshop on Security and artificial intelligence
CAPTCHA: using hard AI problems for security
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Decaptcha: breaking 75% of eBay audio CAPTCHAs
WOOT'09 Proceedings of the 3rd USENIX conference on Offensive technologies
Distortion estimation techniques in solving visual CAPTCHAs
CVPR'04 Proceedings of the 2004 IEEE computer society conference on Computer vision and pattern recognition
Re: CAPTCHAs: understanding CAPTCHA-solving services in an economic context
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Recognizing objects in adversarial clutter: breaking a visual captcha
CVPR'03 Proceedings of the 2003 IEEE computer society conference on Computer vision and pattern recognition
On the necessity of user-friendly CAPTCHA
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
hPIN/hTAN: a lightweight and low-cost e-banking solution against untrusted computers
FC'11 Proceedings of the 15th international conference on Financial Cryptography and Data Security
Breaking an animated CAPTCHA scheme
ACNS'12 Proceedings of the 10th international conference on Applied Cryptography and Network Security
Breaking a 3d-based CAPTCHA scheme
ICISC'11 Proceedings of the 14th international conference on Information Security and Cryptology
Breaking reCAPTCHAs with unpredictable collapse: heuristic character segmentation and recognition
MCPR'12 Proceedings of the 4th Mexican conference on Pattern Recognition
For human eyes only: security and usability evaluation
Proceedings of the 2012 ACM workshop on Privacy in the electronic society
| Hi-index | 0.00 |
Many financial institutions have deployed CAPTCHAs to protect their services (e.g., e-banking) from automated attacks. In addition to CAPTCHAs for login, CAPTCHAs are also used to prevent malicious manipulation of e-banking transactions by automated Man-in-the-Middle (MitM) attackers. Despite serious financial risks, security of e-banking CAPTCHAs is largely unexplored. In this paper, we report the first comprehensive study on e-banking CAPTCHAs deployed around the world. A new set of image processing and pattern recognition techniques is proposed to break all e-banking CAPTCHA schemes that we found over the Internet, including three e-banking CAPTCHA schemes for transaction verification and 41 schemes for login. These broken e-banking CAPTCHA schemes are used by thousands of financial institutions worldwide, which are serving hundreds of millions of e-banking customers. The success rate of our proposed attacks are either equal to or close to 100%. We also discuss possible improvements to these e-banking CAPTCHA schemes and show essential difficulties of designing e-banking CAPTCHAs that are both secure and usable.