Slashdot Mirror


Can A Robot Fool 'I Am Not A Robot' Captchas? (businessinsider.com)

Business Insider reports on a new video showing a robotic arm apparently defeating the "I am not a robot" captcha test. An anonymous reader quotes their report: The Captcha the robot fools tracks the user's mouse movements to make sure they're a "real" human. So rather than trying to trick it with software -- a tactic that can often be detected -- it goes down the hardware route. Using a capacitive stylus, the robot physically moves the mouse on the trackpad, as if it were a real human wiggling their finger around. The computer doesn't stand a chance.
So all you need is your own robotic arm -- although even then, it's apparently not that simple. The "I am not a robot" captcha grew out of Google's attempts to fight click fraud, according to a 2014 article in Wired, but it does more than watch mouse movements. It also "examines cues every user unwittingly provides: IP addresses and cookies provide evidence that the user is the same friendly human Google remembers from elsewhere on the Web," as well as some undisclosed variables, to create what Google describes as "a bag of cues."

35 of 54 comments

  1. Shouldn't need an actual stylus by Some+nick+or+other · · Score: 1

    If it's possible to do by a robot arm, it should be possible to do by faking the input from the stylus system. All you'd need is something like a finite element model of the physical system involving the robot and stylus (in the very worst case).

    1. Re:Shouldn't need an actual stylus by Anonymous Coward · · Score: 2, Insightful

      I keep tripping the I'm not a robot alarm anyway. Turns out they don't like text mode browsers.

    2. Re:Shouldn't need an actual stylus by TeknoHog · · Score: 1

      Some years back, I wrote a couple of screen-scraping bots to play simple Flash games. I always added some random movements and timings just to be sure. I can't imagine being the first one to think of this (around 2008-2010 or so).

      --
      Escher was the first MC and Giger invented the HR department.
    3. Re:Shouldn't need an actual stylus by FatdogHaiku · · Score: 1

      Sometimes you really need the arm, but sometimes you wish you never built it...
      https://www.youtube.com/watch?v=r-VJLz65QhM

      --
      You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
    4. Re:Shouldn't need an actual stylus by duke_cheetah2003 · · Score: 1

      If it's possible to do by a robot arm, it should be possible to do by faking the input from the stylus system. All you'd need is something like a finite element model of the physical system involving the robot and stylus (in the very worst case).

      It was my thinking, the 'robot' could be as simple as a usb device that appears to the computer to be a mouse. I'd think one could easily enough program such a simulated mouse to jiggle and wiggle like a human using the mouse would.

  2. Makes no sense by religionofpeas · · Score: 2

    If the software can send coordinates to the robot arm, it can also send them directly to the browser.

    1. Re:Makes no sense by gurps_npc · · Score: 2

      The detection software basically looks for perfection. The robotic interface provides multiple places for imperfections. Rough mouse pads, electrical resistance, slightly off motors, all contribute small mistakes.

      It is these mistakes that fool the detection software, not the measured, identical commands.

      --
      excitingthingstodo.blogspot.com
    2. Re:Makes no sense by 0100010001010011 · · Score: 4, Interesting

      Write a bit of software to record raw mouse pad input. Do an FFT to see what noise there is. Add the noise back to your command signal.

    3. Re:Makes no sense by gurps_npc · · Score: 2

      Three choices:

      1) Real noise from robot, = no way to tell as it is real noise.

      2) Recording of real noise = good till they update the software to ignore that specific pattern of noise.

      3) Artificially generated noise (fake noise) based on multiple real noise samples = good till they detect a pattern in the fake noise, and then pattern is ignored. Basically you are now both building noise detection systems and the winner is the guy that is better.

      It makes more sense to just use the real noise. Why get into a noise detection war.

      --
      excitingthingstodo.blogspot.com
    4. Re:Makes no sense by religionofpeas · · Score: 4, Insightful

      A robot arm, trying to follow the same path over and over, will also produce very specific noise that could be detected. So you have the same problem, except it will be more work to generate different patterns.

    5. Re:Makes no sense by djinn6 · · Score: 1

      Artificially generated noise (fake noise) based on multiple real noise samples = good till they detect a pattern in the fake noise, and then pattern is ignored.

      1. There may not be any pattern in the fake noise for you to detect. If I generate the noise not by using real noise samples but by using a cryptographic hash, then you cannot detect any patterns in it, because that's what a cryptographic hash does.

      2. Pattern detection may take too long. If I hack 10 people's computers and record what they're doing with their mouse, I'll have a continuous stream of mouse movement samples and new noise patterns.

      3. All else fails, I can run a physical simulation of a robot, and capture noise down to the physical level.

      Most importantly, using a real robot does not get around the fact that it has a particular set of imperfections that might have a detectable pattern, and because it's a real robot, it would take much more effort to remove that pattern, versus a simulated robot.

    6. Re:Makes no sense by Hognoxious · · Score: 2

      A mechanical device is more likely to show a predictable pattern than a good simulation.

      Someone beat casino roulette wheels with this, IIRC.

      E.g. an uneven tooth on a cog will always show a change in speed at a particular position. With software you can choose a good source of randomness. You can choose several sources of randomness and switch between them - randomly.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    7. Re: Makes no sense by ihearthonduras · · Score: 2

      3) is an incorrect assessment. As an example it is very easy to generate 500 random data points sampled from a normal distribution mean 0 variance 1. It is much harder to go in reverse, taking those 500 points and saying "these come from a normal distribution mean 0 variance 1". Point is that the random number generation problem is significantly easier than the random number modelling problem. One possibility: Record a human mouse movement, and then just reuse that same movement every time. For them to search a database of all used movements would be prohibitively expensive.
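
The replay question raised in this sub-thread, seen from the detection side (an added example, not from the article or from any commenter): checking a submitted pointer trajectory against everything seen before is a set lookup on a fingerprint, so its cost does not grow with the number of stored movements. The bucket sizes, class name and sample trajectories are assumptions made for illustration.

```python
import hashlib

def _digest(rows):
    """SHA-256 over a sequence of integer tuples."""
    h = hashlib.sha256()
    for row in rows:
        h.update(repr(tuple(row)).encode())
    return h.hexdigest()

def fingerprints(samples, grid=8, tick_ms=20):
    """Return (exact, coarse) fingerprints of one pointer trajectory.

    samples is a list of (x, y, t_ms). Everything is taken relative to the
    first sample, so the same gesture replayed elsewhere on the page or at
    another time still matches. grid and tick_ms are assumed bucket sizes.
    """
    x0, y0, t0 = samples[0]
    rel = [(x - x0, y - y0, t - t0) for x, y, t in samples]
    coarse = [(dx // grid, dy // grid, dt // tick_ms) for dx, dy, dt in rel]
    return _digest(rel), _digest(coarse)

class ReplayIndex:
    """Remembers fingerprints of trajectories already submitted."""
    def __init__(self):
        self.exact, self.coarse = set(), set()

    def check(self, samples):
        ex, co = fingerprints(samples)
        if ex in self.exact:
            verdict = "exact-replay"
        elif co in self.coarse:
            # Same buckets, different raw values: a replay with small jitter.
            # Jitter that crosses a bucket edge escapes this simple check.
            verdict = "near-replay"
        else:
            verdict = "new"
        self.exact.add(ex)
        self.coarse.add(co)
        return verdict

# Constructed sample trajectories (not real captures).
RECORDED = [(100, 200, 0), (112, 203, 35), (131, 211, 70), (150, 226, 110), (163, 244, 150)]
SHIFTED = [(x + 300, y - 20, t + 5000) for x, y, t in RECORDED]   # same gesture, moved
JITTERED = [(400, 50, 1000), (413, 52, 1036), (430, 62, 1071), (451, 75, 1109), (462, 95, 1151)]
OTHER = [(10, 10, 0), (40, 12, 30), (90, 20, 55), (140, 22, 90), (200, 30, 120)]

def demo():
    index = ReplayIndex()
    return [index.check(t) for t in (RECORDED, SHIFTED, JITTERED, OTHER)]
```
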

  3. Pity I can't read TFA by OzPeter · · Score: 2

    They object to my adblocker. I object to the manner in which ads are served. And this story is not worth the $1 they want me to pay in order to keep my adblocker on while I read it.

    --
    I am Slashdot. Are you Slashdot as well?
  4. They defeat humans regularly by Patent+Lover · · Score: 1

    I can't stand the captchas where I can't possibly read what the fuck the letter/number/??? is.

    1. Re:They defeat humans regularly by antdude · · Score: 1

      These days, I see images like "select images that are store fronts". Argh!

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
  5. Re:Dino Arigato by Farmer+Tim · · Score: 3, Funny

    It means "thank you terrible lizard".

    --
    Blank until /. makes another boneheaded UI decision.
  6. Re: of course by Anonymous Coward · · Score: 2, Funny

    Our bestest Mandacrishna university teaches a 3 month Masters in PhD for rocket science. We accept credit cards. You will be a very good rocket science PhD, our priests guarantee it. Upon passing you will get H1B visa to work as an american scientist. No experience required.
    Revert us application for the same.

  7. Re:Wait a minute... by 0100010001010011 · · Score: 2

    This is how this works. You check the box then they check for a cookie set from a time you previously finished the captcha. In addition to checking if you're signed in to a Google account of some sort (Gmail, Google+, Youtube, etc).

    I want to see this work on a brand new browser install.

  8. Adversarial networks by ShanghaiBill · · Score: 1

    Or you could use generative adversarial networks. Basically, you set up two neural networks: one tries to simulate human mouse movements, and the other tries to detect non-human behavior. You pit them against each other in a loop, so they drive each other's improvement.

    1. Re:Adversarial networks by Some+nick+or+other · · Score: 1

      That's interesting. One problem I've happened upon when playing with adversarial learning like that (though in a genetic algorithm context) is that the programs forget what has happened before; e.g. in a rock-paper-scissors setting, the first system learns rock, then the second learns paper, then the first learns scissors, then the second learns rock and you're back where you started. Presumably they have some way of avoiding this with GANs.

    2. Re:Adversarial networks by ShanghaiBill · · Score: 1

      Presumably they have some way of avoiding this with GANs.

      You just use many (millions at least) samples of human data. You mix the computer generated movements in with the human, and let the 2nd network try to discriminate which are which. You can prevent overfitting by inserting a little random noise into the human samples.

  9. Tracking blocker causes false positive by tepples · · Score: 1

    And before the peanut gallery calls you an "entitled millennial cheapskate":

    I use Firefox Tracking Protection, which blocks resources that track the user from one site to another. The functionality is similar to that of the Disconnect extension. But the detection code used by WIRED is so coarse grained that it can't tell an ad blocker from a tracking blocker. The site makes no attempt to fall back to serving ads that don't track users in this manner.

    1. Re:Tracking blocker causes false positive by tepples · · Score: 1

      Newspapers don't get to track what other publications their readers read. Why should websites?

  10. Fake News, Clickbait, not a robot by slashkitty · · Score: 2

    This was a stupid remote controlled arm. This says nothing about robots being able to fool a clickbox.

    --
    -- these are only opinions and they might not be mine.
    1. Re:Fake News, Clickbait, not a robot by freeze128 · · Score: 1

      This was done by a human using a robot to move the mouse pointer. The robot itself has no optics to determine where the mouse pointer is. It has no intelligence at all.

      If the creators of this video wish to refute my claim, then I say, "OK, now click that box 10 Million more times and automate the download of content". I bet you they can't/won't do it.

  11. Arm is slow enough by jader3rd · · Score: 1

    If it involves an arm it's slow enough to prevent the kind of mass fraud this is designed to defeat.

  12. So where is the weakest link? by Provocateur · · Score: 1

    I said it once, for the thousandth time, I never use a touchpad EVER, you insensitive one-armed clod!

    --
    WARNING: Smartphones have side effects--most of them undocumented.
  13. It's a play on words by allo · · Score: 1, Interesting

    Google writes "i am not a robot", but actually means "i am not a simple piece of automated code, but a full featured webbrowser used with a mouse with realistic movement patterns". Probably some more advanced plugin for systems like selenium would do better than a robot arm, but a simple "curl" script won't fool google. That's the point. Their image puzzles are very repetitive as well and a good machine learning algorithm should beat them soon. It's really about collecting some behaviour patterns inside the browser, not about robots.

    1. Re:It's a play on words by T.E.D. · · Score: 1

      Google writes "i am not a robot", but actually means "i am not a simple piece of automated code, but a full featured webbrowser ...".

      That would explain why I don't always see those captchas on my old IE browser I use at work.

    2. Re:It's a play on words by allo · · Score: 1

      Yep, this doesn't work for me either. And then it falls back either to traffic signs (works good) or house numbers (which usually loads like 10 new images when you clicked all correct numbers).

  14. Re:Wait a minute... by allo · · Score: 1

    I learned it as well from this video. Some mouse movements seem to make the image patterns go away, in many cases even when you deleted cookies. I am not sure, if the site can decide to use a "higher security" captcha, which enforces clicking, though.

  15. Captchas are just like door locks. by mmell · · Score: 1

    They're a fairly defeatable technology - but they do serve to keep honest people honest.

  16. Make humans do it. by joboss · · Score: 1

    In the worst case you can proxy the capture. Solve it for one site solve it for another. How do you know when you fill a capture if it's one from a bot or genuine for the site? This is how: Make your own site, capture script (put it on stack overflow, npm, composer, etc everyone will copy and pasta it without checking) or something, make your bot. Your bot constantly puts captchas on a buffer. When a site needs it if the buffer is empty it generates, else it uses one off the buffer. Then it just forwards the success result. If your captcha site has good load the buffer can always be quickly consumed. Really good if you have enough control to just make it appear for a user already logged in to continue.

  17. Re:Dino Arigato by syntotic · · Score: 1

    Who was that AC? It is one of the computers stolen from me. Mind this, eh? I need all files back.