Captchas may have finally met their maker.
Researchers at Stanford University have found a way to thwart those often impenetrable word jumbles that are meant to foil spam bots but succeed more frequently in vexing humans.
Only humans should be able to discern the captcha codes. But the Stanford team’s program, Decaptcha, renders the captcha images so they are readable by a computer. That potentially leaves sites that use captcha open to attacks from automated spammer programs.
Captcha stands for “Completely Automated Public Turing test to tell Computers and Humans Apart” and was invented by a team at Carnegie Mellon University in 2000 as a way to discern humans from computers. Presumably only individual people can read and respond to Captchas.
Different companies use different captcha methods, but the researchers found that 13 of 15 of the top programs were vulnerable to attacks. In particular, Visa’s Authorize.net captcha failed 66 percent of the time and eBay’s failed 43 percent of the time. The program didn’t perform quite as well against Wikipedia, Digg and CNN, but still showed some success.
The researchers couldn’t fool reCAPTCHA, a more robust version of the software created in 2009. It also had trouble breaking Google’s system.
According to Physorg, Digg and Visa have already switched to the more secure reCAPTCHA system.
On social news site Reddit’s r/technology section, where users discussed the article, user snarfy explained why this switch would be a short-term solution, at best:
“It’s a stupid arms race that doesn’t solve anything. If a captcha works as designed and humans can answer it but computers cannot, the software will eventually catch up. At some point humans will not be able to answer them either and they become useless.”
Of course, if captcha is just a weapon in an anti-spammer arms race, just how unbearable will it’s next iteration be? The ultimate anti-spam tool, it seems, is one neither humans nor machines can break.
Art by Bekathwia