Google Speech-to-Text API Can Help Attackers Easily Bypass Google reCAPTCHA


A three-year-old attack technique to bypass Google’s audio reCAPTCHA by using its own Speech-to-Text API has been found to still work with 97% accuracy.

Researcher Nikolai Tschacher disclosed his findings in a proof-of-concept (PoC) of the attack on January 2.

“The idea of the attack is very simple: You grab the MP3 file of the audio reCAPTCHA and you submit it to Google’s own speech-to-text API,” Tschacher said in a write-up. “Google will return the correct answer in over 97% of all cases.”

Read more…