Slashdot Mirror

← Back to Stories (view on slashdot.org)

This Machine Kills Captchas (vice.com)

Posted by msmash on from the catch-me-if-you-can dept.

New submitter dmoberhaus writes: It is with a heavy heart that I must tell you that an artificial intelligence has finally cracked a widely used tool that was literally made to differentiate humans from robots: the CAPTCHA. CAPTCHAs are the annoying puzzles that might ask you to rewrite a piece of distorted text or click on all the automobiles in a photograph to log on to sites like PayPal. According to research published today in Science, a new type of AI was able to solve certain types of CAPTCHA with up to 66.6 percent accuracy. To put this in perspective, humans can solve the same type of CAPTCHA with about 87 percent accuracy due to multiple interpretations of some examples and a CAPTCHA is considered broken if a bot can pass it 1 percent of the time.

18 of 101 comments (clear)

  1. A long time by SumDog · · Score: 5, Interesting

    Captchas have been broken for a long time, for both machines and humans. That's why Google is constantly working and changing their reCaptcah implementation. My thesis was on Captcha, and even back then, several companies had white papers on breaking various forms of Captcha. It's a cat and mouse game and it will never really end.

    http://penguindreams.org/thesis/

    1. Re:A long time by stanjo74 · · Score: 2

      The problem is that significant percentage of the population is stupider than a ML algorithm, so anything that tests cognitive skills and reasoning is compromised. We can probably test for feelings, but then the system won't pass CxO approval.

    2. Re:A long time by LordKronos · · Score: 2

      It's a cat and mouse game and it will never really end.

      Not sure if you intended it, but the pun there is that I'm pretty certain some forms of captchas (especial those single checkbox "I am not a bot" ones) actually examine the mouse movements and use that to help determine if you are likely a human.

  2. Re:What? by gnick · · Score: 2

    > a CAPTCHA is considered broken if a bot can pass it 1 percent of the time.

    Who decided that? That's well within the realm of random dumb luck.

    Dumb luck??? With 52 potential characters and a 6-character CAPTCHA, dumb luck should get it right about 50 out of every trillion tries. How is that 1%?

    --
    He's getting rather old, but he's a good mouse.
  3. More robot hate. by Anonymous Coward · · Score: 2, Funny

    As a POM (person of metal), I'm disgusted by the continued hate directed at my robot peoples.

  4. Didn't google do away with those? by freeze128 · · Score: 4, Informative

    I thought google implemented a captcha that looks at your browsing and usage history to determine if you're a bot or not. There isn't any picture-picking or wobbly word typing involved.

    1. Re:Didn't google do away with those? by Anonymous Coward · · Score: 3, Informative

      In theory. In practice it click on several dozen squares to find roadsigns or cars, and you have to click reaaaaallly slowly or it doesn't work. Google's CAPTCHA is the single most horrible one ever conceived.

    2. Re:Didn't google do away with those? by Dutch+Gun · · Score: 2

      This is basically Google telling the world "Yes, I know exactly who you are, even without you explicitly telling me a thing about yourself."

      Handy, sure, but just the fact that they can do this is a bit creepy. If you have to actually answer a Google CAPTCHA, congratulations, you're probably doing something right privacy-wise.

      --
      Irony: Agile development has too much intertia to be abandoned now.
    3. Re:Didn't google do away with those? by LordKronos · · Score: 2

      I'd love to see what you got that couldn't be solved by you. I've personally never seen on that was not fairly easily deducible what they were asking for. I have seen one that I consider "wrong". It asked you to click on all of the apartments. Only one was obviously an apartment, but it told me I was wrong. One was a commercial building, but it appeared to be the type you'd see in some downtown area that might have an apartment located above the store (though you couldn't see the apartment itself in the picture). So I added that one too, but it still said I was wrong. There was a 3rd one that was a residential building, though clearly was not an apartment (looked to be a standalone, single family residence), but I figured they must've been classifying it as one too. Once I picked all 3, it accepted it.

  5. Oh great. by MiniMike · · Score: 4, Funny

    If CAPTCHAs are broken, the quality of posts around here will, um, er... ok maybe this isn't such a big deal.

  6. Re:What? by Anonymous Coward · · Score: 2, Informative

    Nowadays a lot of captchas are just a 9x9 grid of images where you have to choose which ones match. 1/2^9 is 1/512, but realistically you only click 2 or 3 so 1/(9 choose 2 + 9 choose 3) = 1/120. Not much different from 1%.

  7. Re:What? by Calydor · · Score: 3, Funny

    http://farm3.static.flickr.com...

    1% chance that.

    --
    -=This sig has nothing to do with my comment. Move along now=-
  8. CAPTCHAS too hard for humans by tinkerton · · Score: 4, Insightful

    a CAPTCHA is considered broken if a bot can pass it 1 percent of the time.

    That's funny. I consider CAPTCHAS broken when I can't decipher them without the help of a software tool.

  9. Re:What? by KiloByte · · Score: 5, Funny

    I'm quite certain passing this captcha proves you're not a human.

    --
    The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
  10. Re:What? by Dutch+Gun · · Score: 5, Informative

    After reading the article (a dangerous pastime, I know), I think the summary is really focusing on the wrong aspects of this new algorithm. The innovation of this approach is NOT in its accuracy. Other algorithms have approached a 90% success rate, but required significantly larger data sets to train and were more brittle. For instance, minor adjustments in things like character spacing could throw it off, requiring re-training.

    The critical part of this approach is its greater flexibility in solving different types of CAPTCHAs, and the reduced amount of training required in order to get it up to a reasonable level of accuracy.

    --
    Irony: Agile development has too much intertia to be abandoned now.
  11. Link by speedplane · · Score: 2

    The link to the underlying research is incorrect. This is the correct link: http://science.sciencemag.org/...

    --
    Fast Federal Court and I.T.C. updates
  12. If humans are 87%... by RhettLivingston · · Score: 2

    then I'm most definitely a bot. Even the 66.6% beats me. Perhaps they mean humans reach 87% after retries. I've only had it stop giving me retries a couple of times.

  13. Not that hard by DontBeAMoran · · Score: 2

    Bitcoin/etc faucet sites use the "click on the squares containing street signs/buses/cars/etc" captcha. I get about a new dozen ones every week or so, otherwise it's almost always the same graphics. A script could be written and updated manually for this, no need for A.I.

    --
    #DeleteFacebook