AI Can Crack CAPTCHA with 100% Accuracy

A recent study reported today by New Scientist (NS) reveals that AI can now solve CAPTCHAs with 100% accuracy.

Conducted by Andreas Plesner and his team at ETH Zurich, the research fine-tuned an AI model called YOLO (You Only Look Once), demonstrating its effectiveness in employing advanced machine learning techniques to tackle Google’s reCAPTCHA v2 system.

The researchers evaluated the performance of this automated system in solving CAPTCHAs using YOLO for image segmentation and classification.

The key finding is that YOLO can solve 100% of the CAPTCHAs, while previous models achieved only 68-71% success.

Moreover, the study indicates that there is no significant difference in the number of challenges humans and bots must complete to pass reCAPTCHA v2. Additionally, the study sheds light on the limitations of reCAPTCHA v2’s security mechanisms.

The researchers found that the system heavily relies on cookie and browser history data to determine whether a user is human or a bot. This approach, known as device fingerprinting, can be easily exploited by sophisticated AI systems, as reported by NS.

According to NS, to train the model, the researchers provided approximately 14,000 pairs of images with corresponding labels, focusing on various road objects like cars, buses, bicycles, and road crossings.

They tested YOLO’s performance in different scenarios, considering factors such as mouse movement and the presence of browser histories and cookies.

NS notes that a success rate of 100% does not imply that it answered correctly for every image presented; rather, it could reject certain images and be given alternatives, similar to human behavior.

The implications of these findings are significant. If AI can consistently bypass CAPTCHAs, it could open the door to a new wave of automated attacks, including spam, phishing, and account hijacking.

To counter this threat, the researchers emphasize the urgent need for CAPTCHA technologies to evolve proactively in light of rapid advancements in AI to ensure the ongoing reliability and security of online environments.