News ID: 203255
Published: 1012 GMT October 28, 2017

AI smart enough to fool Captcha security check

AI smart enough to fool Captcha security check
Computer scientists have developed AI algorithms smart enough to crack Captcha tests.

Computer scientists have developed artificial intelligence (AI) that can outsmart the Captcha website security check system.

Captcha challenges people to prove they are human by recognizing combinations of letters and numbers that machines would struggle to complete correctly, according to

Researchers developed an algorithm that imitates how the human brain responds to these visual clues.

The neural network could identify letters and numbers from their shapes.

The research, conducted by Vicarious — a Californian artificial intelligence firm funded by Amazon founder Jeff Bezos and Facebook's Mark Zuckerberg — is published in the journal Science.


What is Captcha?


The Captcha test, which means the ‘Completely Automated Public Turing test to tell Computers and Humans Apart’, was developed in the late 1990s to prevent people from using automated bots to set up fake accounts on websites.

When logging into a website, users prove that they are human by solving visual puzzles, which requires identifying letters, digits, symbols or objects that have been distorted or animated in some way.

Computers usually struggle to pass such tests, and Google said that its reCaptcha test is so complicated that even humans can only solve it 87 percent of the time.

However, researchers from Vicarious claim that their computer algorithm can pick out distorted letters and digits from images.


Neural networks


To get computers to recognize images, computer scientists usually use neural networks, which are large networks of computers trained to solve complex problems.

A neural network contains hundreds of layers, inspired by the human brain, and each layer examines a different part of the problem.

Eventually, the answer from all the layers is combined together to produce one final result.

However, neural networks have to be painstakingly trained using thousands of images that have been pre-labelled by humans, which makes it a very arduous task.

The team from Vicarious developed Recursive Cortical Network (RCN), a software which mimics actual processes in the human brain while requiring less computing power than a neural network.

The human brain has the ability to identify objects even if they are obscured by other objects, by recognizing shapes and textures.

Vicarious has been developing algorithms for RCN that aim to identify objects by analyzing pixels in an image to see if they match the outline of an object.

In 2013, Vicarious announced that it had cracked text-based Captcha tests used by Google, Yahoo, PayPal and with a 90 percent accuracy.

Since then, Captcha designers have made their tests more difficult to beat, but the researchers said in their new paper that the software was now able to pass Google's reCaptcha test 66.6 percent of the time.

The RCN software was also able to solve reCaptacha tests from Captcha generator BotDetect at a 64.4 percent success rate, Yahoo Captchas at a 57.4 percent success rate and PayPal at a 57.1 percent success rate.

Simon Edwards, a cyber-security architect for data cyber-security firm Trend Micro Europe, said, "We're not seeing attacks on Captcha at the moment, but within three or four months, whatever the researchers have developed will become mainstream, so Captcha's days are numbered.

"The very nature of big data analysis and machine learning is that if you give it enough data to play with, it will eventually work out most things."

Edwards said that typically within two months of security flaws being discovered, have-a-go hackers will start attacking every publicly-visible web server they can find, and so it is likely that Captcha tests on websites will soon be under siege.

He added, "The technology has been around for a long time — there needs to be a better version of Captcha.

"In my mind, the best form of authentication is two-factor. It's the only real way of getting around these problems."

Security Key:
Captcha refresh
Page Generated in 0/2171 sec