AI makes new progress, bypassing captcha

Google reCAPTCHAv2, one of the popular captcha systems, is "outsmarted" by AI when authenticating on the Internet.

In a paper published on arXiv , a platform for sharing carefully curated research, a team led by Andreas Plesner, a PhD student at ETH Zurich, demonstrated that AI can bypass Google's popular reCAPTCHAv2 authentication mechanism.

reCAPTCHAv2 displayed on a smartphone. Photo: Bao Lam

Captchas were developed by scientists at Carnegie Mellon University and IBM in 2000, to require users to prove they are not bots on the Internet. They are usually distorted numbers and letters, or various images, and users must enter exactly what is required to authenticate.

Captcha is considered a protective wall that helps websites avoid being attacked by automated software. In the reCAPTCHAv2 version, users need to identify objects appearing in the image, such as bridges, traffic lights, bicycles, cars, and boats.

To get around this, Plesner’s team used the You Only Look Once (YOLO) object recognition model, a bot that has been used to cheat in video games because of its ability to detect objects in real time and work well with systems with limited hardware power.

Initially, the team used a model trained on 14,000 traffic images. The result was a 100% success rate for captchas containing images of this type.

The team then fed in more diverse data with 13 popular image categories. The model worked successfully with 9 of the 13 categories. The initial captcha solving rate was only 69% with motorbike images, but then the rate increased thanks to the AI's self-learning ability. If it was difficult to identify, the AI ​​would ask the system to move on to a new captcha until it passed.

“In detailed experiments, we demonstrated that automated systems using advanced AI technology, such as YOLO, can successfully decode image-based captchas,” Plesner said. “This finding calls into question the reliability of captchas in distinguishing between humans and bots. In other words, current captchas may no longer be ‘immune’ to AI.”

Previously, most image recognition models were only successful around 70%. According to Tom's Hardware , the new research poses a challenge in authenticating bots on the Internet, as well as showing strong progress in machine learning models.

Google switched to reCAPTCHAv3 in 2018, which analyzes user interactions and is more effective at eliminating bot interference. However, millions of websites worldwide still use reCAPTCHAv2, leaving them vulnerable to automated attacks, according to Ars Technica .