Many financial institutions have deployed CAPTCHAs to protect their services (e.g., e-banking) from automated attacks. In addition to CAPTCHAs for login, CAPTCHAs are also used to prevent malicious manipulation of e-banking transactions by automated Man-in-the-Middle (MitM) attackers. Despite serious financial risks, the security of e-banking CAPTCHAs is largely unexplored. In this paper, we report the first comprehensive study on e-banking CAPTCHAs deployed around the world. A new set of image processing and pattern recognition techniques is proposed to break all e-banking CAPTCHA schemes that we found over the Internet, including three e-banking CAPTCHA schemes for transaction verification and 41 schemes for login. These broken e-banking CAPTCHA schemes are used by thousands of financial institutions worldwide, which serve hundreds of millions of e-banking customers. The success rates of our proposed attacks are either equal to or close to 100%. We also discuss possible improvement...
Shujun Li, S. Amier Haider Shah, M. Asad Usman Kha