C-FRAME: Characterizing and measuring in-the-wild CAPTCHA attacks
Hoang Dai Nguyen, Karthika Subramani, Bhupendra Acharya, Roberto Perdisci, Phani Vadrevu
IEEE Symposium on Security and Privacy 2024 · Day 1 · Continental Ballroom 4
The talk "C-FRAME: Characterizing and measuring in-the-wild CAPTCHA attacks" presents a groundbreaking measurement study on the prevalence and nature of real-world CAPTCHA abuse. Delivered by Hoang Dai Nguyen from Louisiana State University, in collaboration with researchers from Supa and the University of Chure, this work addresses a critical gap in cybersecurity research: the lack of empirical data on how modern CAPTCHAs are being circumvented in practice. While CAPTCHAs have been a ubiquitous bot mitigation mechanism for decades, their evolution, particularly the rise of **behavioral CAPTCHAs**, has introduced new complexities for both defenders and attackers, with little public understanding of the scale and methods of attack.
AI review
This talk presents C-FRAME, a novel and technically clever system for passively measuring real-world CAPTCHA attacks at an unprecedented scale. The empirical data reveals the pervasive nature and diverse categories of CAPTCHA bypass, offering critical, actionable intelligence for defenders and service providers to move beyond theoretical discussions.