AI bots now beat 100% of those traffic-image CAPTCHAs

Cpvr

For those familiar with browsing the internet, CAPTCHA challenges—where users are asked to identify everyday objects like bicycles or traffic lights from a grid of images—are a common method for proving they're human, not a bot. However, new research shows that locally run bots, equipped with advanced image-recognition models, can now match human accuracy in these challenges, even achieving a 100 percent success rate while being anything but human.

ETH Zurich PhD student Andreas Plesner and his team have released a pre-print paper focusing on Google's ReCAPTCHA v2, which tests users' ability to recognize objects in images. Google began phasing out this system years ago in favor of an "invisible" ReCAPTCHA v3, which relies on analyzing user behavior rather than presenting a direct challenge. Despite this, ReCAPTCHA v2 remains in use across millions of websites, and it is sometimes used as a fallback when v3 provides a low "human" confidence rating.

Beating CAPTCHAs with YOLO
To bypass ReCAPTCHA v2, Plesner's team used a fine-tuned version of the YOLO ("You Only Look Once") object-recognition model, which has previously been used in video game cheat bots. YOLO is renowned for its ability to detect objects in real-time and can be deployed on devices with limited computational power, making it a tool for large-scale attacks.

After training the model on 14,000 labeled traffic images, the researchers developed a system capable of estimating the likelihood that any CAPTCHA grid image belonged to one of ReCAPTCHA v2's 13 object categories. For more complex "type 2" challenges, where a CAPTCHA asks users to identify certain segments of a single image, a separate YOLO model was used. However, this model could only handle nine of the 13 categories, requesting a new image when it encountered one of the four unsupported categories.

Additional measures were taken to fool ReCAPTCHA, including the use of VPNs to avoid detection from the same IP address and a custom mouse movement model to simulate human behavior. Fake browser and cookie data from real browsing sessions were also used to make the bot appear more human.

The YOLO model achieved varying accuracy rates depending on the object category, from 69 percent (motorcycles) to 100 percent (fire hydrants). With these combined efforts, the bot consistently bypassed CAPTCHA, sometimes even solving challenges faster than human users.

A new era for CAPTCHA-breaking bots
Previous studies using image-recognition models to solve ReCAPTCHAs only achieved a success rate of 68 to 71 percent. The researchers' jump to 100 percent success demonstrates that we're entering a new phase where traditional CAPTCHA systems are no longer foolproof. This isn't the first time bots have broken through CAPTCHA defenses—audio CAPTCHAs for visually impaired users were compromised as early as 2008, and by 2017, neural networks were defeating text-based CAPTCHAs.

As locally run AI continues to outperform humans in tasks like image-based CAPTCHA solving, the methods for verifying user identity are shifting toward more subtle techniques like device fingerprinting. A Google Cloud spokesperson noted that ReCAPTCHA v3, launched in 2018, focuses on protecting users without showing visual challenges. Today, most of ReCAPTCHA's protections are completely invisible across millions of sites, with continuous improvements being made.

Still, as AI systems become more adept at mimicking human behavior, distinguishing between humans and machines online will become increasingly difficult. As the authors of the research paper state, "A good CAPTCHA marks the boundary between the most intelligent machine and the least intelligent human." With AI rapidly closing this gap, creating effective CAPTCHAs is becoming more challenging than ever.

Source: https://arstechnica.com/ai/2024/09/...ptcha-in-another-triumph-of-machine-over-man/
 