News Blog

Artificial intelligence smart enough to fool Captcha security check


Artificial intelligence smart enough to fool Captcha security check

Image copyright Getty Images
Image caption Computer scientists have developed AI algorithms smart enough to crack Captcha tests

Computer scientists have developed artificial intelligence that can outsmart the Captcha website security check system.

Captcha challenges people to prove they are human by recognising combinations of letters and numbers that machines would struggle to complete correctly.

Researchers developed an algorithm that imitates how the human brain responds to these visual clues.

The neural network could identify letters and numbers from their shapes.

The research, conducted by Vicarious – a Californian artificial intelligence firm funded by Amazon founder Jeff Bezos and Facebook's Mark Zuckerberg – is published in the journal Science.

What is Captcha?

The Captcha test, which means the "Completely Automated Public Turing test to tell Computers and Humans Apart", was developed in the late 1990s to prevent people from using automated bots to set up fake accounts on websites.

When logging into a website, users prove that they are human by solving visual puzzles, which requires identifying letters, digits, symbols or objects that have been distorted or animated in some way.

Computers usually struggle to pass such tests, and Google says that its reCaptcha test is so complicated that even humans can only solve it 87% of the time.

However, researchers from Vicarious claim that their computer algorithm can pick out distorted letters and digits from images.

Neural networks

To get computers to recognise images, computer scientists usually use neural networks, which are large networks of computers trained to solve complex problems.

A neural network contains hundreds of layers, inspired by the human brain, and each layer examines a different part of the problem. Eventually, the answer from all the layers is combined together to produce one final result.

However, neural networks have to be painstakingly trained using thousands of images that have been pre-labelled by humans, which makes it a very arduous task.

The team from Vicarious developed Recursive Cortical Network (RCN), a software which mimics actual processes in the human brain while requiring less computing power than a neural network.

The human brain has the ability to identify objects even if they are obscured by other objects, by recognising shapes and textures.

Vicarious has been developing algorithms for RCN that aim to identify objects by analysing pixels in an image to see if they match the outline of an object.

Captcha attacks

In 2013, Vicarious announced that it had cracked text-based Captcha tests used by Google, Yahoo, PayPal and with a 90% accuracy.

Since then, Captcha designers have made their tests more difficult to beat, but the researchers said in their new paper that the software was now able to pass Google's reCaptcha test 66.6% of the time.

The RCN software was also able to solve reCaptacha tests from Captcha generator BotDetect at a 64.4% success rate, Yahoo Captchas at a 57.4% success rate and PayPal at a 57.1% success rate.

Image copyright Vicarious / Science
Image caption The computer algorithm could crack modern Captcha tests with success rates of more than 50%

"We're not seeing attacks on Captcha at the moment, but within three or four months, whatever the researchers have developed will become mainstream, so Captcha's days are numbered," Simon Edwards, a cyber-security architect for data cyber-security firm Trend Micro Europe, told the BBC.

"The very nature of big data analysis and machine learning is that if you give it enough data to play with, it will eventually work out most things."

Mr Edwards said that typically within two months of security flaws being discovered, have-a-go hackers will start attacking every publicly-visible web server they can find, and so it is likely that Captcha tests on websites will soon be under siege.

"The technology has been around for a long time – there needs to be a better version of Captcha," he said.

"In my mind, the best form of authentication is two-factor. It's the only real way of getting around these problems."

Source –

Leave a Comment