Security Researchers at Standford have been able to use robots to bypass certain CAPTCHA systems with ease – in some cases up to 70% of the time. Digg, CNN, eBay, and Wikipedia were all successful targets in the operation. Google’s “ReCaptcha” was the only CAPTCHA system that was not able to be bypassed.
CAPTCHA in itself is an interesting system where users filling out online forms to sign up for a specific website are told to verify their status as a human before continuing. While questions to a form are always identical, it is easy for a bot to fill out fields by default. However, CAPTCHA introduces garbled text that only humans can truly decipher with relative ease. Every time you get the Captcha wrong, it typically gives you a new string of garbled text to decipher. Google’s ReCaptcha system presents a user with two words from a random digitized Google book – one word it already knows – the other it doesn’t completely know, but a human would. Thus, when a user enters in both words, it is able to use that data to translate text from scanned books into searchable text (rather just images).
This research proves that Captcha cannot solve everything, and companies need to improve their security systems soon.