Breaking The Google Audio Captcha.

I came across a nice piece of research from Wintercore[0]. Research that isn't talked or discussed about much. So I thought it might be an excellent idea to talk about it here, since breaking Captcha's has become a trend lately. Well, I am no expert on Captcha's nor on how to break them, but I understand that having predictable patterns in your Captcha makes it vulnerable to all sorts of attacks. From what I know, is that most Captcha's have predictable patterns, like the same font or the same font size and such. Wintercore however went on to investigate the Google audible Captcha, and found that it's pretty trivial to break with around 90% accuracy. Their demo video shows a 100% accuracy[1]. Pretty nice research, just for the fact of hacking c.q. an intellectual exercise and not for spamming of course.

According to Wintercore, the main problems present in this audio captcha are the following:

* Slightly distorted signal over the frequency domain.
* Signals have an invariant duration along the time axis.
* Same voice.
* Fixed patterns at the init, middle and end of the captcha.
* Numeric sequence as proposed challenge. (maybe the most important one)

So, it seems to me that whoever is engineering these things have absolutely no clue whatsoever about these issues. I mean, doesn't it sound plausible to avoid recurring patterns? How can you ever engineer something when you don't understand the problem you try to solve?

[0] http://blog.wintercore.com/?p=11
[1] http://blog.wintercore.com/files/breaking_gmail_audio_captcha.wmv