New Research Confirms AI Can Defeat Image-Based CAPTCHAs

• By David Ramel
• 09/30/24

Advanced AI can exploit CAPTCHAs designed to prove web actions are being performed by humans instead of machines, new research indicates.

"Current AI technologies can exploit advanced image-based captchas" is a snippet of text from the new paper, "Breaking reCAPTCHAv2," published this month by researchers at ETH Zurich University in Switzerland.

It improves upon rather than breaks new ground, as it pretty much confirms that advanced AI can tell which photos from a selection contain imagery of specific objects via Completely Automated Public Turing test to tell Computers and Humans Apart constructs. Previous research on defeating CAPTCHAs includes this from 2022 for text-based systems: "Cracking CAPTCHAs using Deep Learning." For investigating ways to crack visual CAPTCHA tests by an an automated deep learning-based solution, there is the 2020 paper, "Deep-CAPTCHA: a deep learning based CAPTCHA solver for vulnerability assessment."

Meanwhile, the new paper, authored by Andreas Plesner, Tobias Vontobel and Roger Wattenhofer, says, "Our work examines the efficacy of employing advanced machine learning methods to solve captchas from Google's reCAPTCHAv2 system."

It's just one of several CAPTCHA systems in the market.

"We evaluate the effectiveness of automated systems in solving captchas by utilizing advanced YOLO models for image segmentation and classification. Our main result is that we can solve 100% of the captchas, while previous work only solved 68-71%. Furthermore, our findings suggest that there is no significant difference in the number of challenges humans and bots must solve to pass the captchas in reCAPTCHAv2. This implies that current AI technologies can exploit advanced image-based captchas. We also look under the hood of reCAPTCHAv2, and find evidence that reCAPTCHAv2 is heavily based on cookie and browser history data when evaluating whether a user is human or not."

Indeed, previous related research, such as discussed in the May 2024 paper, "Oedipus: LLM-enchanced Reasoning CAPTCHA Solver," reported less effectiveness CAPTCHA dominance: "Our evaluation shows that Oedipus effectively resolves the studied CAPTCHAs, achieving an average success rate of 63.5\%."

While the new ETH Zurich paper provides no handy list of recommendations to address the problem, it does urge further research to "prioritize the development of captcha systems capable of adjusting to the complexity of artificial intelligence or explore alternative methods of human verification that can withstand the progress of technology."

However, as the problem has been known for years, such handy checklists do exist, at least to point out alternatives to CAPTCHAS, such as: "The Top 6 CAPTCHA Alternatives That Won't Frustrate Users." That list comes from Akismet, which offers up its own product, with other alternatives being honeypots, time-based form submissions, and improved or reimagined CAPTCHA systems. Indeed, there is already a reCAPTCHAv3.

Another improved CAPTCHA system was presented in the 2023 paper "New Cognitive Deep-Learning CAPTCHA," which states: "In this study, the authors improve the security for CAPTCHA design by combining text-based, image-based, and cognitive CAPTCHA characteristics and applying adversarial examples and neural style transfer."

Besides improved CAPTCHAs, other alternatives in addition to those listed in the Akismet article include Multi-Factor Authentication (MFA), biometric authentication, bot protection software and more.

Some specific commercial examples include:

• Cloudflare Turnstile: This verifies user authenticity without displaying traditional puzzles, employing non-intrusive challenges, and can be seamlessly integrated into any website, enhancing security while maintaining user convenience.
• DataDome: An advanced bot protection solution that operates in real-time to detect and mitigate automated threats. By analyzing user behavior and leveraging machine learning, DataDome provides robust security without relying solely on traditional CAPTCHAs. The site lists other alternatives, some previously mentioned, including MFA, Web Application Firewall (WAF),an anti-spam plugin and the popular honeypot.
• hCaptcha: This features passive and No-CAPTCHA modes, server-side API protection and more, available in different editions.
• Friendly Captcha: This is described as a privacy-first alternative that replaces conventional CAPTCHAs with tasks solvable by humans but hard for bots, emphasizing user privacy and offers an accessible approach to distinguishing between human and automated traffic.

Advanced AI is advancing rapidly, so it remains to see what the shelf life is for current alternatives.