An old attack method that uses voice-to-text to bypass CAPTCHA protections turns out to still work on Google s latest reCAPTCHA v3. Attacker Nikolai Tschacher posted a video proof-of-concept (PoC) of the attack on Jan. 2. Google rate-limits audio CAPTcha access; Google is likely tracking bot metrics; and, it creates a fingerprint of each browsing device to stop bots. The attack method was first introduced in 2017 by researchers at the University of Maryland, who then reported they achieved 85 percent accuracy with the tech they dubbed UnCAPTcha
Source: https://threatpost.com/researcher-breaks-recaptcha-speech-to-text-api/162734/