Slashdot Mirror

← Back to Stories (view on slashdot.org)

Can A Robot Fool 'I Am Not A Robot' Captchas? (businessinsider.com)

Posted by EditorDavid on from the humans-vs-robots dept.

Business Insider reports on a new video showing a robotic arm apparently defeating the "I am not a robot" captcha test. An anonymous reader quotes their report: The Captcha the robot fools tracks the user's mouse movements to make sure they're a "real" human. So rather than trying to trick it with software -- a tactic that can often be detected -- it goes down the hardware route. Using a capacitive stylus, the robot physically moves the mouse on the trackpad, as if it were a real human wiggling their finger around. The computer doesn't stand a chance.
So all you need is your own robotic arm -- although even then, it's apparently not that simple. The "I am not a robot" captcha grew out of Google's attempts to fight click fraud, according to a 2014 article in Wired, but it does more than watch mouse movements. It also "examines cues every user unwittingly provides: IP addresses and cookies provide evidence that the user is the same friendly human Google remembers from elsewhere on the Web," as well as some undisclosed variables, to create what Google describes as "a bag of cues."

13 of 54 comments (clear)

  1. Makes no sense by religionofpeas · · Score: 2

    If the software can send coordinates to the robot arm, it can also send them directly to the browser.

    1. Re:Makes no sense by gurps_npc · · Score: 2

      The detection software basically looks for perfection. The robotic intereface provides multiple places for imperfections. Rough mouse pads, electrical resistance, slightly off motors, all contribute small mistakes.

      It is these mistakes that fool the detection software, not the measured, identical commands.

      --
      excitingthingstodo.blogspot.com
    2. Re:Makes no sense by 0100010001010011 · · Score: 4, Interesting

      Write a bit of software to record raw mouse pad input. Do an FFT to see what noise there is. Add the noise back to your command signal.

    3. Re:Makes no sense by gurps_npc · · Score: 2

      Three choices:

      1) Real noise from robot, = no way to tell as it is real noise.

      2) Recording of real noise = good till they update the software to ignore that specific pattern of noise.

      3) Artificially generated noise (fake noise) based on multiple real noise samples = good till they detect a pattern in the fake noise, and then pattern is ignored. Basically you are now both building noise detection systems and the winner is the guy that is better.

      It makes more sense to just use the real noise. Why get into a noise detection war.

      --
      excitingthingstodo.blogspot.com
    4. Re:Makes no sense by religionofpeas · · Score: 4, Insightful

      A robot arm, trying to follow the same path over and over, will also produce very specific noise that could be detected. So you have the same problem, except it will be more work to generate different patterns.

    5. Re:Makes no sense by Hognoxious · · Score: 2

      A mechanical device is more likely to show a predictable pattern than a good simulation.

      Someone beat casino roulette wheels with this, IIRC.

      E.g. an uneven tooth on a cog will always show a change in speed at a particular position. With software you can choose a good source of randomness. You can choose several sources of randomness and switch between them - randomly.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    6. Re: Makes no sense by ihearthonduras · · Score: 2

      3) is an incorrect assessment. As an example it is very easy to generate 500 random data points sampled from a normal distribution mean 0 variance 1. It is much harder to go in reverse, taking those 500 points and saying "these come from a normal distribution mean 0 variance 1". Point is that the random number generation problem is significantly easier than the random number modelling problem. One possibility: Record a human mouse movement, and then just reuse that same movement every time. For them to search a database of all used movements would be prohibitively expensive.

  2. Pity I can't read TFA by OzPeter · · Score: 2

    The object to my adblocker. I object to the manner in which ads are served. And this story is not worth the $1 they want me to pay in order to keep my adblcoker on while I read it.

    --
    I am Slashdot. Are you Slashdot as well?
  3. Re:Shouldn't need an actual stylus by Anonymous Coward · · Score: 2, Insightful

    I keep tripping the I'm not a robot alarm anyway. Turns out they don't like text mode browsers.

  4. Re:Dino Arigato by Farmer+Tim · · Score: 3, Funny

    It means "thank you terrible lizard".

    --
    Blank until /. makes another boneheaded UI decision.
  5. Re: of course by Anonymous Coward · · Score: 2, Funny

    Our bestest Mandacrishna university teaches a 3 month Masters in PhD for rocket science. We accept credit cards. You will be a very good rocket science PhD, our priests guarantee it. Upon passing you will get H1B visa to work as an american scientist. No experience required.
    Revert us application for the same.

  6. Re:Wait a minute... by 0100010001010011 · · Score: 2

    This is how this works. You check the box then they check for a cookie set from a time you previously finished the captcha. In addition to checking if you're signed in to a Google account of some sort (Gmail, Google+, Youtube, etc).

    I want to see this work on a brand new browser install.

  7. Fake News, Clickbait, not a robot by slashkitty · · Score: 2

    This was a stupid remote controlled arm. This says nothing about robots being able to fool a clickbox.

    --
    -- these are only opinions and they might not be mine.