Captcha tests are supposed to be a security measure that prevents bots from accessing websites or services that are meant for humans. However, a new study by researchers at the University of California, Irvine, has revealed that bots can easily outsmart Captcha tests and solve them faster and more accurately than humans.
Captcha tests are usually based on distorted text, audio, images, or puzzles that require human intelligence to solve. The idea is that humans can easily recognize the correct answer, while bots would struggle to do so. However, the study found that this is no longer the case, as modern artificial intelligence techniques have advanced to the point where they can crack Captcha tests with ease.
The researchers tested 120 websites that use Captcha and asked 1,000 online participants to take 10 Captcha tests each. They also compared the performance of humans with various bots that have been published in academic papers. The results showed that bots can solve distorted text, audio, and reCAPTCHA-v2 tests in less than a second with over 96% accuracy, while humans take between 9 and 15 seconds and have only 50 to 84% accuracy. The only test that showed similar accuracy levels between humans and bots was the reCAPTCHA-image test, where humans had 81% and bots had 85%.
“We found that the most widely used Captcha schemes are no match for modern artificial intelligence techniques,” said Mohammad Ghasemzadeh, one of the authors of the study. “The fact that humans are outperformed by bots in solving Captcha challenges is a sign of how far AI has progressed in recent years,” said Mohammad Norouzi, another author of the study.
The implications of this finding are alarming, as Captcha tests are widely used by websites to protect their content or services from malicious bots. For example, Captcha tests are often used to prevent spam, fraud, identity theft, phishing, or denial-of-service attacks. However, if bots can bypass Captcha tests with ease, then these websites are vulnerable to bot attacks that could compromise their security and privacy.
The researchers suggest that Captcha tests are no longer effective and should be replaced by better security methods. Some alternatives include behavioral analysis, device fingerprinting, and biometric authentication. These methods rely on more sophisticated ways of detecting whether a user is human or not, such as their mouse movements, browser settings, or facial features.
Relevant articles:
– Bots are better than humans at cracking ‘Are you a robot?’ Captcha tests, study finds, Yahoo News, 9 August 2023
– CAPTCHA: Bots are better at beating ‘are you a robot?’ tests than humans are, New Scientist, 8 August 2023
– How Effective is CAPTCHA? Why it’s Not Enough for Bot Protection, DataDome, 1 March 2023
– Do CAPTCHA and reCAPTCHA Protect WordPress Sites from Bots?, Akismet, 10 August 2023