Security researchers at Stanford have been able to use robots to bypass certain CAPTCHA systems with ease – in some cases up to 70% of the time. Digg, CNN, eBay, and Wikipedia were all successful targets in the operation. Google’s reCAPTCHA was the only CAPTCHA system that could not be bypassed.

CAPTCHA itself is an interesting system: users filling out an online form to sign up for a website are asked to verify that they are human before continuing. Because the questions on a form are always identical, it is easy for a bot to fill out the fields automatically. CAPTCHA, however, introduces garbled text that only humans can decipher with relative ease. Every time you get the CAPTCHA wrong, it typically gives you a new string of garbled text to decipher. Google’s reCAPTCHA system presents a user with two words from a random digitized Google book – one word it already knows, and one it doesn’t completely know but a human would. Thus, when a user enters both words, it can use that data to convert text from scanned books into searchable text (rather than just images).

This research proves that CAPTCHA cannot solve everything, and companies need to improve their security systems soon.




7 thoughts on “CAPTCHA Easily Bypassed”

  1. This is an interesting hole in the CAPTCHA system. A lot of people assume that it is extremely safe, because robots shouldn’t be able to read what exists on a computer screen. This article only shows that it is absolutely imperative that you not get complacent with security. Nothing is truly safe.

  2. I hope they find a way to completely break them so that the whole system becomes completely useless. Captchas are incredibly annoying to the end user and they do nothing to help their security. The only reason they exist is to keep bots from creating multiple accounts or continuing on sites. If an attacker was really interested in what they were trying to access then they can just have it so that the bot prompts them to fill in the captcha, and then it can continue doing whatever it does. So really it’s no net gain in security and just an incredible hassle for the end user.

    • Have to disagree with you on this. Though CAPTCHA may seem like it’s just a hassle, imagine if it never existed. You probably wouldn’t have ‘gstofer’ on wordpress, you might not have your email username, or many other things. CAPTCHA makes a huge difference to websites that people visit frequently by providing something that takes you <10 seconds to input, while disallowing bots to create spam/random user names.

  3. The only other thing I can think of would be basic math problems – but a robot could easily read those and crack them as well. That said, when I had a blog some spammer hit the comments section of my blog with over 600 comments. When I implemented captcha, I got maybe 1 or 2 spammy posts per month.

    • Captcha, even though it does annoy me, is necessary to prevent large amounts of spam. To remove them would cause high amounts of unnecessary spam on websites, forums, and blogs.

  4. Captcha is great; it just needs to be made stronger. I am not really complaining; until there is a product that is better and foolproof, Captcha does the job.

  5. Thanks for the explanation on reCAPTCHA! I never knew how it was used to translate books before!

