“You are a human?”. This question, followed by certain tests, has become almost a standard when registering on Internet websites. After all, we have to prove to the servers that we are and not some vile machine wanting to take advantage of the service’s vulnerabilities. Nevertheless, a recent study could confirm that bots are already better at solving CAPTCHA tests than the same humans.
The study, published in arXiv, was carried out by the University of California, and was carried out on 200 highly popular websites. According to the results, 120 of them were still using CAPTCHA systems to verify the identity of the user. In this way, 1,000 online participants, whose origins, situation and age were chosen in a diverse way, they got down to work with the intention of testing the effectiveness of these security methods.
Here, each of the thousand participants had to complete ten CAPTCHA tests of the chosen websites and then measure their difficulty. The result was unexpected. According to the researchers’ descriptions, some bots already known to the scientific community were capable of aging humans, both in speed and precision.
For example, some of the participants took between nine and fifteen seconds to complete the test, with an accuracy of between 50 and 84%. Nevertheless, to the bots it took them less than a second to solve the CAPTCHA, also offering an oscillating reliability of 85 and 100%. In most cases, this number stayed above 96%.
The problem of CAPTCHA tests and their uselessness in the age of bots
Although this research still needs to be reviewed, Their results allow us to draw some conclusions.. The first of these is the ineffectiveness of CAPTCHAs to protect the web from the presence of bots. In fact, the most affected seem to be human beings.
Not only bots already pose a threat to these systems. We have already seen cases in which artificial intelligence has managed to discover very creative ways to achieve its objectives. A couple of months ago, GPT-4 was posing as a blind person in an attempt to skip one of these tests, And he achieve it.
That is how bots have surpassed CAPTCHAs, and the latter are becoming more of a nuisance than a security measure. After all, they break the fluency when browsing the internet. In fact, some iPhone features attack just these tests, getting rid of most of them, as long as you browse using Safari.
A new generation of CAPTCHA tests
On the other hand, it seems that, in an attempt to curb the deductive capacity of bots, there are more and more CAPTCHA tests without a logical answer. A study of Vice revealed a few months ago the existence of a Discord group in which these types of irregularities were published.
In one of the cases, users were asked to identify all images in which a “Yoko” appeared. Yes, something that does not exist. As if this were not enough, an artificial intelligence had generated the photos of the blissful non-existent object, so recognizing what was in each one was just as complicated.
Ironically, the improvement of bots to solve these types of tests also has to do with the nature of CAPTCHAs. After all, in addition to being used to protect massive machine registries on a website or service, they are also used to train and improve artificial intelligence systems, making them prone to being systematically cracked and outperformed.