Welcome to WebmasterWorld Guest from 54.224.121.67

Forum Moderators: incrediBILL & lawman

AI Solves CAPTCHAs With 66pct Accuracy

     
12:01 pm on Oct 27, 2017 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 9, 2000
posts:24719
votes: 612


A new AI is resolving CAPTCHAs with 66% accuracy, compared to a human that is around 87%, mainly because if the interpretations of the image. Typically, if it can be resolved in 1% of the time is a broken CAPTCHA.

Clearly, new AI technology has become too strong to make CAPTCHAs provide any security of evidence of a human interaction. Personally, I always have trouble with the blurred words.
[motherboard.vice.com...]
1:23 pm on Oct 27, 2017 (gmt 0)

Senior Member

WebmasterWorld Senior Member Top Contributors Of The Month

joined:Apr 1, 2016
posts:1238
votes: 367


Great Journalism on the part of Vice [insert sarcasm].

The article amounts to a statement equivalent to "I can pick a lock 66% of the time" There is no mention of what type of lock or how long it took pick it. At the end of the article is does mention the unCaptcha algo that claims to be able to defeat reCaptcha. When you dig deeper into the link provided you see that it can defeat it 81% of the time in 5.4 seconds using the audio.

We have evaluated unCaptcha using over 450 reCaptcha challenges from live websites, and showed that it can solve them with 85.15% accuracy in 5.42 seconds, on average: less time than it takes to even play the audio challenge!

source:http://uncaptcha.cs.umd.edu

The purpose of a Captcha is to slow a bot down. Bot's can be easily programmed to stop and get human intervention when faced with a Captcha. So the Captcha is by no means a perfect defense against bots. In fact there are services that allow hackers to get people in India solve Captcha for their bots. So Captchas were never intended as a perfect means of stoping bots. They are generally use in situations where you want to prevent bots from quickly repeating some task, such as leaving millions of spam comments, or brute force attacking a username and password log in.

So now lets review:
85.15% accuracy
5.42 seconds + less time than it takes to even play the audio challenge! (note the exclamation point...) so total time say 11 seconds.

24 * 60 * 60 (second in a day) / 11 * 0.81 ~= 63000 attempts.

A 6 letter password (no special characters or numbers) has 1 / 300 M probability. (26**6)

So at a rate of 66000 attempts a day it would take in the order of 4800 days to crack the password on average.

And one more point, there is no mention about resources needed. How much computing power and electricity is this going to cost an attacker.

In conclusion I think Captchas are not yet obsolete.
1:36 pm on Oct 27, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator martinibuster is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 13, 2002
posts:14627
votes: 392


That bot is at least as successful as I am in solving those captchas.

:P
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members