Researcher Defeats Google's reCAPTCHA Test
Researcher Defeats Google's reCAPTCHA Test
Posted 12/15/2009 at 5:01pm
| by Ryan Whitwam
3
Comments
Print
If you’ve ever joined a website that uses reCAPTCHA, you’re familiar with the interface. You’re presented with two English words partially obscured with lines. You must prove that you are not a robot by correctly entering them. One of the words is actually text from a scanned book that an OCR program couldn’t read. You’re just helpfully transcribing it and it has no effect on gaining access. Now, Jonathan Wilkins of iSEC Partners is saying some robots may soon be slipping through as well.
In a series of tests, the iSEC automated system was able to manage a 17.5% reCAPTCHA success rate. While this doesn’t sound like a lot, those wishing to bypass reCAPTCHA authentication could have access to botnets of thousands of infected machines. Even a small success rate could spell big problems for website security. The system guessed 10% correct outright, and got one word correct in an additional 25%. Since it can be assumed that 50% of those words were the unknown book text, the success rate works out to the stated figure of 17.5%.
Google, who recently acquired reCAPTCHA, explained that the data was gathered in 2008 and doesn’t take into account changes to the system since then. "Therefore, this study does not reflect the effectiveness of reCAPTCHA's current technology against machine solvers. We've found reCAPTCHA to be far more resilient while also striking a good balance with human usability, and we've received very positive feedback from customers," Google said in a statement. Whether or not reCAPTCHA is broken, the internet arms race is sure to continue.
More like this
jimgreig
December 16, 2009 at 5:05pm
I want that bot--It sometimes takes me 5-10 tries to correctly enter in the text--I usually just give up, call the 800 number, bitch at the customer service rep, and then order from a competitor. I HATE those f#&%!^g authentication word games!
Jim
edorsi
December 15, 2009 at 5:20pm
Anyone else think this "internet arms race" will end when a simple bot can process any image/text 100% of the time better than a human? Human users = weak link in internet security?
DasHellMutt
December 18, 2009 at 10:57am
Agreed. Interesting philosophical question: Ever stop to think how much useful technology and innovation comes about through someone trying to do something they're not supposed to do.....
Connect with MaximumPC
Featured Content
We introduce Intel's latest class of tablet killers and review 4 of the first Ultra...
Where have all the memorable videogame enemies gone?
This month's issue
Feature
11 Hardware Hacks
Feature
Overclock Your CPU
How-To
Supercharge Your Smartphone
Build It
A Powerful $830 Rig
Most Commented Articles
Latest Max PC Tweets
- maximumpc: Can RIM *ever* catch a break? Not today! App World numbers not as great as previously reported http://t.co/3ERRhr3119 hours 23 min ago
- maximumpc: Solid state shakeup: Intel 520 SSD vs OCZ Octane vs Patriot Pyro SE! http://t.co/lXDufI7w20 hours 39 min ago
- maximumpc: Woman Ordered to Decrypt Laptop Claims She "Forgot" Key http://t.co/C2TCp4Ml21 hours 33 min ago
