IT West Ltd

From the blog

News from IT West

AI Cracks Captcha

An Artificial Intelligence (AI) algorithm has been developed that can fool the Captcha website security check system by mimicking how the brain processes images and visual clues.

CAPTCHA

Most of us will be familiar with the Captcha system that requires us to prove that we’re not robots by recognising and entering a series of apparently random letters and numbers into a field i.e. solving visual puzzles to complete a login process.

Captcha, which stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”, was developed in the late 1990s as a counter-fraud measure, and to stop automated bots accessing and using websites and other online resources. If Captchas are not used, some of these bots can post spam comments in blogs, sign up for thousands of email accounts every minute e.g. on Yahoo, buy multiple tickets from ticket sites, gather email addresses (written in text) from web pages, distort online polls, and launch dictionary attacks on password systems. The use of Captchas can also offer full protection to pages that you don’t want indexed by search engines, and offer worm and spam protection.

Up until now, Captcha tests have been sufficient to separate humans from robots, and statistics show that the test is so complicated that even humans only pass it 87% of the time.

New System Beats Captcha

Details of the new Captcha-beating system have been published in the Journal of Science. The system was developed after research by Californian artificial intelligence company ‘Vicarious’, funded by Amazon founder Jeff Bezos and Facebook’s Mark Zuckerberg.

Rather than using ‘neural networks’ that would require large networks of computers in layers and extensive training of those computers to solve problems, the new, simpler, algorithm based-system from Vicarious has been designed to imitate how the human brain responds to visual clues.

Little Training, Good Results

Reports of the results of tests with the new Recursive Cortical Network (RCN) show that by being able to actually pick out distorted letters and digits from images, it can beat the Captcha system with minimal training (other AI programs have needed 50,000 times more training).

The RCN algorithm works by recognising contours, edges, shapes, and textures of an image, and analysing the pixels to try and find a match with the outline of an object.

Tests to date have shown that the new algorithm can accurately guess a Captcha image 66% of the time, and can correctly guess an individual character with 81% accuracy.

What Does This Mean For Your Businesses?

The Captcha system has helped businesses by providing an easy way to deter potentially costly, disruptive and damaging bot attacks and spam. Many tech commentators, however, believe that the Captcha system (which dates back to 2000) is now outdated, and at the very least, needs to be improved. Now that a new algorithm has been developed that can beat Captcha, many tech and security commentators fear that it will now only be a matter of months before a similar system is being used to attack Captchas on websites, which can only spell bad news for businesses.

Two-factor authentication has proven itself to be an effective security gateway for websites, and many see this as the way forward.

Given the big tech names involved in the development of the Captcha-beating algorithm, you could, however, be forgiven for thinking that they may have an idea about (or already have another system) that could replace it.