Anyone who has spent time browsing the internet is probably familiar with CAPTCHA challenges. These are the grids with street images where you have to pick out specific objects, like bicycles or traffic lights, to prove you’re human. The purpose of these challenges is to block automated bots from accessing websites. However, new research shows that bots are now able to solve these image-based CAPTCHAs with human-level accuracy, achieving a 100% success rate despite being machines.
Read More: Blackstone To Invest $13 Billion In AI Data Center In Uk
New Research Breaks reCAPTCHA v2
A PhD student from ETH Zurich, Andreas Plesner, and his team recently published a paper explaining their findings. They focused on Google’s reCAPTCHA v2, a system that asks users to identify objects in grid images. Although Google began moving away from reCAPTCHA v2 years ago in favor of a newer system (reCAPTCHA v3), millions of websites still rely on the older version. Even websites using the updated reCAPTCHA v3 occasionally fall back on reCAPTCHA v2 if they can’t confidently determine that a user is human.
Using YOLO to Beat the System
The researchers used a well-known object-recognition model called YOLO (“You Only Look Once”), which has also been used for cheat bots in video games. YOLO is great at detecting objects in real-time and can run on devices with limited processing power, making it a practical tool for large-scale attacks. After training the model on 14,000 images of traffic scenes, the bot could identify objects in the CAPTCHA grids, matching human accuracy. The bot used another model for specific challenges where users are asked to select parts of an image containing a certain object.
Fooling CAPTCHA with Human-Like Behavior
In addition to the image-recognition model, the researchers took extra steps to ensure the bot went undetected. They used a VPN to prevent being flagged for repeated attempts from the same IP address and created a model that mimicked human mouse movements. They also made the bot look more realistic by using real browsing data, including cookies and browser information.
Impressive Success Rates
The results were impressive. The bot’s accuracy ranged from 69% for motorcycles to 100% for fire hydrants. Overall, it was able to solve CAPTCHAs as well as a human, often completing them with fewer tries than a person in similar tests.
The Age Beyond CAPTCHAs
This breakthrough marks a major development in CAPTCHA-breaking technology. Previous studies using image-recognition models to solve reCAPTCHAs only succeeded about 68% to 71% of the time. Now, with a 100% success rate, it seems that we have officially entered a new era where traditional CAPTCHAs may no longer be effective.
A History of Bots Beating CAPTCHAs
This is not the first time bots have been used to defeat CAPTCHAs. Back in 2008, researchers demonstrated how bots could bypass audio CAPTCHAs designed for visually impaired users. By 2017, neural networks were also beating text-based CAPTCHAs, where users had to type letters shown in distorted images.
The Future of CAPTCHA Technology
Now that image-based CAPTCHAs can be cracked so easily, the focus will likely shift to more advanced methods of identifying human users. Google has already made strides with its reCAPTCHA v3 system, which is invisible to users and relies on analyzing behavior rather than offering a visual challenge. A Google spokesperson explained that reCAPTCHA v3 is now used across 7 million websites worldwide and that the company continues to improve its technology.
The Ongoing Challenge of Human Verification
As artificial intelligence continues to evolve, it’s becoming harder to differentiate between humans and bots. The paper’s authors reflect on this challenge, noting, “In some sense, a good CAPTCHA marks the boundary between the most intelligent machine and the least intelligent human.” As AI gets better, creating effective CAPTCHAs is becoming increasingly difficult.
