Cloudflare Says New hCaptcha Bypass Doesn't Impact its Implementation

Web infrastructure and website security provider Cloudflare told The Record last week that a recent academic paper detailing a method to bypass the hCaptcha image-based challenge system does not impact its implementation. From the report: The research paper, published last month by two academics from the University of Louisiana at Lafayette, targets hCaptcha, a CAPTCHA service that replaced Google's reCAPTCHA in Cloudflare's website protection systems last year. In a paper titled "A Low-Cost Attack against the hCaptcha System," researchers said they devised an attack that uses browser automation tools, image recognition, image classifiers, and machine learning algorithms to download hCaptcha puzzles, identify the content of an image, classify the image, and then solve the CAPTCHA's challenge. Academics said their attack worked with a 95.93% accuracy rate and took around 18.76 seconds on average to crack an hCaptcha challenge.

Read more of this story at Slashdot.