Researchers at ETH Zurich have shown that locally run bots can bypass Google’s reCAPTCHA v2 every time they are challenged, raising serious doubts about the continued effectiveness of image-based CAPTCHA systems.
AI Defeats reCAPTCHA v2 with a 100% Success Rate
Zurich, 12 October 2023 — In a striking development in the ongoing contest between technology companies and automated abuse, researchers from ETH Zurich have demonstrated that locally run bots, built on specially trained image-recognition models, can match human performance against Google’s reCAPTCHA v2. The system, long treated as a reliable bulwark against automated attacks, was bypassed with a 100% success rate, raising significant questions about the future of challenge-based bot detection.
Andreas Plesner, a PhD student at ETH Zurich, and his colleagues have released a pre-print paper detailing the work. The study targets Google’s reCAPTCHA v2, which asks users to prove they are human by picking out objects such as bicycles, crosswalks and traffic lights in a grid of street imagery. Thousands of websites still rely on this older version, even though Google introduced the “invisible” reCAPTCHA v3 in 2018, which scores user interactions instead of posing explicit challenges.
Using a fine-tuned version of the open source YOLO (“You Only Look Once”) object-detection model, Plesner and his team built a bot that solves reCAPTCHA v2 challenges with high precision. YOLO is widely used for real-time object detection and runs on hardware with limited computational power, which, the team notes, makes large-scale automated abuse practical for an attacker.
The model was trained on a dataset of 14,000 labelled traffic images, so that it could score how likely each grid image is to contain one of the 13 object categories reCAPTCHA v2 uses. A separate, pre-trained YOLO model handled “type 2” challenges, which ask the user to pick out the segments of a single larger image that contain the target object.
Beyond the image-recognition models, the researchers also had to evade reCAPTCHA’s anti-bot measures. They routed attempts through VPNs so that repeated tries did not arrive from a single IP address, and built a mouse-movement model to mimic human cursor behaviour. Supplying browser and cookie data captured from real browsing sessions made the bot harder still to tell apart from a person.
The results were compelling. Depending on the object class, YOLO’s per-object accuracy ranged from 69% (motorcycles) to 100% (fire hydrants). Combined with the evasion measures and the ability to retry, the bot passed every challenge it was given, often needing fewer challenges than the human participants in the same trials.
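Per-object accuracy and per-challenge bypass rate are different quantities, and the gap between them is where retries and the grader’s tolerance do their work. The following Python is an added illustration written for this page, not the ETH Zurich researchers’ code: it models a type-1 (3x3 grid) challenge with a mock detector whose per-tile accuracy is the article’s figure for the two quoted classes, then measures how often a retry loop gets through. The 3x3 grid with three true tiles, the grading rule (at most `max_wrong` tiles wrong; reCAPTCHA’s real rule is not public), the 90% default accuracy for classes the article gives no figure for, and the detector stand-in are all assumptions.

```python
"""Toy model of solving a reCAPTCHA v2 type-1 (3x3 image grid) challenge with an
imperfect per-tile classifier and a retry loop.  Constructed illustration for this
page, not the ETH Zurich researchers' code: the grading rule, the grid layout and
the accuracies for classes the article does not quote are assumptions.
"""
import math
import random

# Per-tile accuracies the article quotes for YOLO; every other class is assumed.
TILE_ACCURACY = {"fire hydrant": 1.00, "motorcycle": 0.69}
DEFAULT_ACCURACY = 0.90  # assumption for classes the article gives no figure for

N_TILES = 9  # the 3x3 grid of a type-1 challenge (assumed layout)


def make_grid(rng, n_positive=3):
    """Constructed ground truth: which of the 9 tiles really show the target."""
    positives = set(rng.sample(range(N_TILES), n_positive))
    return [i in positives for i in range(N_TILES)]


def mock_detector(tile_has_target, target, rng):
    """Stand-in for the fine-tuned YOLO classifier: returns a target-class score
    that lands on the correct side of 0.5 with class-specific probability and
    on the wrong side otherwise."""
    accuracy = TILE_ACCURACY.get(target, DEFAULT_ACCURACY)
    verdict = tile_has_target if rng.random() < accuracy else not tile_has_target
    return rng.uniform(0.5, 1.0) if verdict else rng.uniform(0.0, 0.5)


def select_tiles(scores, threshold=0.5):
    """Click every tile whose target-class score reaches the threshold."""
    return [s >= threshold for s in scores]


def attempt(target, rng, max_wrong=0):
    """One challenge: classify each tile, submit, grade against ground truth."""
    grid = make_grid(rng)
    scores = [mock_detector(has, target, rng) for has in grid]
    clicked = select_tiles(scores)
    wrong = sum(c != g for c, g in zip(clicked, grid))
    return wrong <= max_wrong


def solve(target, rng, max_attempts=10, max_wrong=0):
    """Retry with a fresh challenge until one passes; attempts used, or None."""
    for k in range(1, max_attempts + 1):
        if attempt(target, rng, max_wrong):
            return k
    return None


def simulate(target, trials=2000, seed=1, max_attempts=10, max_wrong=0):
    """Monte Carlo bypass rate and mean attempts for one target class."""
    rng = random.Random(seed)
    used = [solve(target, rng, max_attempts, max_wrong) for _ in range(trials)]
    solved = [k for k in used if k is not None]
    return {
        "solve_rate": len(solved) / trials,
        "mean_attempts": (sum(solved) / len(solved)) if solved else None,
    }


def analytic_solve_rate(tile_accuracy, max_attempts=10, max_wrong=0):
    """Closed form for the same model: one grid passes when at most `max_wrong`
    of the 9 independent tile decisions are wrong (binomial tail), and
    independent retries give 1 - (1 - p_grid) ** max_attempts."""
    p = tile_accuracy
    p_grid = sum(
        math.comb(N_TILES, j) * p ** (N_TILES - j) * (1 - p) ** j
        for j in range(max_wrong + 1)
    )
    return 1 - (1 - p_grid) ** max_attempts


if __name__ == "__main__":
    for target in ("fire hydrant", "motorcycle"):
        for tol in (0, 1):
            sim = simulate(target, max_wrong=tol)
            exact = analytic_solve_rate(TILE_ACCURACY[target], max_wrong=tol)
            print(f"{target:13s} max_wrong={tol}: simulated {sim['solve_rate']:.3f}, "
                  f"analytic {exact:.3f}, mean attempts {sim['mean_attempts']}")
```

Under strict all-or-nothing grading, 69% per-tile accuracy on motorcycles gets through only about 30% of the time even with ten retries, while allowing a single wrong tile lifts that to roughly 86%. The toy therefore makes the article’s point concrete: a reported per-object accuracy says little on its own, and the 100% bypass figure reflects the combination of high accuracy on most classes, retries against fresh challenges and the behavioural evasion the team added, which this model does not attempt to represent.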
Earlier studies that attacked reCAPTCHA reported success rates of 68% to 71%; the ETH Zurich result is the first reported 100%. Some in the field read this as the point at which current CAPTCHA designs stop being a meaningful barrier.
This is not the first time a CAPTCHA variant has fallen: audio CAPTCHAs intended for visually impaired users were broken as early as 2008, and by 2017 neural networks were reliably decoding text-based CAPTCHAs built from distorted letters.
Google, aware of such vulnerabilities, responded through a spokesperson from Google Cloud, stating, “We have a very large focus on helping our customers protect their users without showing visual challenges, which is why we launched reCAPTCHA v3 in 2018. Today, the majority of reCAPTCHA’s protections across 7 million sites globally are now completely invisible. We are continuously enhancing reCAPTCHA.”
As artificial intelligence continues to advance, surpassing previously human-exclusive capabilities, it is becoming increasingly challenging to ensure that the user behind a web browser is genuinely a person.
The researchers conclude, “In some sense, a good captcha marks the exact boundary between the most intelligent machine and the least intelligent human. As machine learning models close in on human capabilities, finding good captchas has become more difficult.”
The continued evolution of AI and of CAPTCHA systems underscores the cat-and-mouse game between defenders and those seeking to outwit them. For site operators the practical lesson is narrower: an image challenge that a commodity model passes every time is no longer a control against automation, and sites still on reCAPTCHA v2 should treat it as friction for opportunistic abuse rather than as proof that a human is present.
Source: Noah Wire Services