reCAPTCHA is Google’s name for its own CAPTCHA tool. CAPTCHA is an acronym for “Completely Automated Public Turing Test to Tell Computers and Humans Apart”. You have most likely seen a CAPTCHA when browsing a website or purchasing something online. They are the boxes that present you with a challenge to type characters shown or pick images with subjects involved. These simple challenges are “Turing Tests” which are used to test if someone or something is human.
The method that is used to bypass these reCAPTCHA’s has been used in the past with older versions of the tool. Using Google’s “Speech-to-Text” software, This tool converts audio it hears through a microphone into text. Its uses are usually for dictation, enabling people that may not be able to type to speak instead. But Google’s Speech-to-Text tool can also be used to bypass reCAPTCHA’s by downloading the audio mp3 file and feeding it into the speech-to-text tool.
The University of Maryland in the US has said. “Thanks to the changes to the audio challenge, passing reCAPTCHA is easier than ever before. The code now only needs to make a single request to a free, publicly available speech to text API to achieve around 90 percent accuracy overall.” what this means is that a simple program can download the audio file and feed it to the speech-to-text tool and get the results to bypass the reCAPTCHA. This could enable malicious programs or bots to make purchases on other people’s behalf if they have details or you have them saved.
Threat actors and companies that make CAPTCHA’s have been chasing each other around with ways to get around CAPTCHA and fixes for years. The hope is that one day there will be a solid test that is secure and can be done by anyone.