As users navigate the web they face a multitude of threats; among them, attacks that result in account compromise can be particularly devastating. In a world fraught with data breaches and sophisticated phishing attacks, web services strive to fortify user accounts by adopting new mechanisms that identify and prevent suspicious login attempts. More recently, browser fingerprinting techniques have been incorporated into the authentication workflow of major services as part of their decision-making process for triggering additional security mechanisms (e.g., two-factor authentication). In this paper we present the first comprehensive and in-depth exploration of the security implications of real-world systems relying on browser fingerprints for authentication. Guided by our investigation, we develop a tool for automatically constructing fingerprinting vectors that replicate the process of target websites, enabling the extraction of fingerprints from users’ devices that exactly match those generated by target websites. Subsequently, we demonstrate how phishing attackers can replicate users’ fingerprints on different devices to deceive the risk-based authentication systems of high-value web services (e.g., cryptocurrency trading) to completely bypass two-factor authentication. To gain a better understanding of whether attackers can carry out such attacks, we study the evolution of browser fingerprinting practices in phishing websites over time. While attackers do not generally collect all the necessary fingerprinting attributes, unfortunately that is not the case for attackers targeting certain financial institutions where we observe an increasing number of phishing sites capable of pulling off our attacks. To address the significant threat posed by our attack, we have disclosed our findings to the vulnerable vendors.
Interface Overview: This is the interface of our CAPTCHA system.
Option Types: Our CAPTCHA supports both random multiple-choice and single-choice selections, which requires users to listen to all options before making a choice.
Listening Services: We provide the ability to listen to all options at once, as well as individual options separately.
User Training: In addition, we offer a brief training session for every user of our CAPTCHA to ensure they understand concepts such as sine waves.
System Advancement: Furthermore, our CAPTCHA is designed to enhance existing CAPTCHA systems by extending them to engage deeper levels of human perceptual processing.
Our Mission: Our mission is not merely to create better CAPTCHAs, but to reflect on how humans can identify and preserve the qualities that distinguish us from AI in an era of rapidly advancing artificial intelligence.
Why did we choose the name “AICAPTCHA”?
Firstly, the “AI” in AICAPTCHA stands for audio illusion, highlighting the core concept behind our system.
Secondly, we wanted the name to immediately catch the attention of readers of our paper or our ideas by featuring the letters “AI.” This also subtly emphasizes our underlying goal: to explore and highlight the differences between humans and AI in perception.
Guide:
(1) If you are not familiar with audio illusions, you can quickly read Page: Amazing Audio Illusion!
(2) If you want to learn about current audio CAPTCHAs and try some demos, you can quickly read Page: Current Audio CAPTCHAs!