The classic CAPTCHA system has been the main barrier to internet bot defense. Its main goal is to separate bots from human users through simple tests and usage parameter analysis. Google’s reCAPTCHA is the most widely used on most websites and online platforms. However, an AI-powered captcha solver proved to be able to pass itself off as human to Google’s system 100% of the time.
An AI-powered captcha solver bypassed Google’s CAPTCHA with 100% effectiveness
There are multiple AI models available out there for all kinds of goals. YOLO (You Only Look Once) is a model designed for tasks related to image detection and identification. Andreas Plesner, Tobias Vontobel, and Roger Wattenhofer, a group of AI researchers at ETH Zurich (Switzerland), developed a project based on YOLO. They basically tweaked the model to make it able to solve Google’s reCAPTCHAv2 system with perfect accuracy.
The image-based Google’s reCAPTCHA system is a fundamental part of anti-bot security systems on the Internet. These security barriers aim to prevent bots from performing tasks like filling out forms or making online purchases. It is useful, for example, when products or services with limited availability are released and hundreds (or thousands) of bots take action. The system also seeks to prevent online interactions that generate falsified metrics. It can even be a barrier against classic DDOS attacks.
That said, the project by the ETH Zurich researchers showed that the reCAPTCHA system as we know it could have become obsolete.
The AI era is making classic Internet security barriers obsolete
In an era of AI where everything seems possible, it is not surprising that an AI-powered captcha solver can fool current security systems. After all, artificial intelligence is slowly transforming the tech industry, forcing current systems to adapt in order to remain competitive.
However, despite the fact that it is not uncommon, the project’s findings are still concerning. The researchers’ AI-powered captcha solver demonstrated 100% effectiveness in solving CAPTCHAs. In comparison, similar tools previously achieved 68–71% effectiveness. The research also found that Google’s reCAPTCHAv2 relies on browser cookies and history data to determine whether a user is human or bot. So, theoretically, a developer could take advantage of that to replicate a 100% effective captcha-solving bot.
It’s noteworthy that reCAPTCHAv2 is not Google’s only anti-bot system. The company also offers others, such as reCAPTCHA v3. The latter works mostly in the background, without image-based tests. However, reCAPTCHAv2 is still widely used because it provides tangible proof that there is a human user behind the screen. So, Google should also work on adapting reCAPTCHAv2 to AI-era possibilities.
2024-10-07 15:06:56