AI model beats CAPTCHA every time

A trio of AI researchers at ETH Zurich, Switzerland, has modified an AI-based, picture-processing model to solve Google's reCAPTCHAv2 human-testing system.

Andreas Plesner, Tobias Vontobel, and Roger Wattenhofer modified the You Only Look Once (YOLO) picture processing model to develop a new model capable of solving Google's CAPTCHA every time it tries. Their paper is available on the arXiv preprint server.

Over the past several decades, website administrators have used techniques to prevent autonomous bots from gaining access and causing problems. One approach was the model called Completely Automated Public Turing test to tell Computers and Humans Apart, known more widely as CAPTCHA—website admins could easily add the applet to their login process.

In 2007, Google released its own version of the applet, with the latest update called reCAPTCHAv2. As with other CAPTCHAs, Google's requires a user to click on a designated image to pass.

In this new effort, the team in Switzerland found that it did not take much effort to modify an existing AI model to give it the capability of passing Google's CAPTCHA.

The work involved modifying the YOLO model to recognize objects typically used by reCAPTCHAv2, such as cars, bridges and traffic lights. They then trained it on thousands of photographs of the same types of objects.

Testing showed that the model did not have to be 100% accurate because reCAPTCHAv2, like other CAPTCHAs, allows multiple attempts. That allowed the model to pass the CAPTCHA test every time it was tested. The researchers found that even if the new model failed on the first images, it would pass a second puzzle. They also noted that only 13 categories of objects were needed to teach the model to pass the puzzle.

Further testing of the model showed that it could fool even more sophisticated CAPTCHAs modified with features such as mouse tracking or browser history. The finding will undoubtedly result in new research to create CAPTCHAs that cannot be fooled by an AI system.