You probably know those annoying captchas that repeatedly ask you to click on all the traffic lights, trucks or pedestrian crossings to prove that you are not a robot. The very reason Daft Punk never had a Gmail account, in fact.
These CAPTCHAs, supposed to be our last defense against the invasion of machines, have just been destroyed by artificial intelligence. How surprising! (No)
Indeed, a new study has just demonstrated that AI is now capable of solving these famous puzzles with a success rate of 100%!
But before going any further, a little reminder for those who have been living in a cave in recent years: CAPTCHAs (which means “Completely Automated Public Turing test to tell Computers and Humans Apart” (pfiouuuu)), are tests visuals intended to differentiate humans from “bots” on the internet. Google popularized a very popular version called reCAPTCHAwhich you have surely already encountered during your wanderings on the web. And if you’ve ever spent 10 minutes trying to figure out whether that blurry pixel is part of a bike tire or not, you know how frustrating it can be.
But let’s return to our sheep, or rather to our artificial intelligences, the new electric sheep. Researchers from the Swiss Federal Institute of Technology in Zurich have developed a system based on advanced deep learning models, in particular the famous YOLO (You Only Look Once), capable of solving 100% of CAPTCHAs of the reCAPTCHA v2 type.
For the geekiest among you, know that they used a fine-tuned version of YOLOv8 trained on no less than 14,000 labeled traffic images.
But how on earth did they achieve this feat?
Here are the ingredients of their diabolical recipe:
1. A simple object recognition model : Their AI is capable of identifying with surgical precision the requested elements in the images, whether traffic lights, cars or pedestrian crossings…etc.
2. A well-oiled attack strategy : To bypass bot detection mechanisms, researchers used a VPN to change IP addresses with each attempt, simulated realistic mouse movements, and even added fake browsing data to appear more “human.”
3. A tailor-made approach for each type of CAPTCHA : The team has developed specific techniques to solve the different variants of reCAPTCHA v2, thus adapting to all situations.
The result?
A 100% success rate, even surpassing human performance! Indeed, the study showed that their AI solved CAPTCHAs on average faster and with fewer errors than human participants. Enough to seriously call into question the effectiveness of these tests in distinguishing men from machines. You’ll have to find something else, but don’t worry, it’s not tomorrow that robots will take control of your online accounts (although…). The researchers carried out this study within an ethical framework and of course shared their findings with Google and the scientific community. The objective being to improve online security, and of course not to create an army of evil bots ready to spam all the forums in the world (there must be 3 left online at the last count!).
So, what does the future hold for Captcha?
Google has already started rolling out reCAPTCHA v3, an “invisible” version that analyzes user behavior rather than asking them to solve visual puzzles. Other avenues are also being explored, such as the use of more abstract challenges or tests based on understanding the context. And perhaps one day, to prove that you are human, you will have to make an appointment with your proctologist who will provide you with a certificate to send to Google or Meta.
In the meantime, the next time you’re faced with a particularly difficult CAPTCHA, tell yourself that somewhere, an AI has probably already solved it faster than you. The balls ^^.
Source : Ars Technica
