Friday, August 18, 2023

 

Bots are better at CAPTCHA than humans, researchers find

Bots are better at CAPTCHA than humans, researchers find
Solving times for various types of CAPTCHAS. Boxes show the middle 50% of
 participants, and whiskers show the filtered range. Black vertical lines show 
the median. Credit: arXiv (2023). DOI: 10.48550/arxiv.2307.12108

It may be impossible to calculate the time spent and the financial and emotional costs of combating the bad guys lurking around the web, but one thing is for sure: Users and website operators both are getting fed up with all the obstacles they must deal with daily.

One of the leading nuisances for users are CAPTCHAs.

Developed 20 years ago to thwart hackers seeking to steal content, insert malicious posts, make fraudulent transactions or slow website traffic to a crawl, the acronym for this omnipresent line of defense clearly spells out its mission: Completely Automated Public Turing test to tell Computers and Humans Apart.

It's a laudable objective, but there are a few problems. One, they're not foolproof. Two, they are time-consuming. Three, they can be a tremendous nuisance. Is that zoomed-in mirror considered a bus if it's attached to a bus? Is a cropped photo of the bottom of a traffic light pole still a ? Is an elevated crosswalk a bridge?

As one anonymous pundit once suggested, "We thought it was our ability to love that made us human. But it turns out it is our ability to select each image that contains a truck."

And now there's a fourth reason to pull our hair out over the nuisance of CAPTCHAs. Bots, it seems, are better at solving them than humans are.

That's according to researchers at the University of California, Irvine, who tested 1,400 subjects on several types of CAPTCHAs. They found that bots are not only better at solving various forms of CAPTCHAs such as image recognition, puzzle sliders and distorted text, they're faster, too.

They suggest it's been a game of cat-and-mouse.

"CAPTCHAs have evolved in terms of sophistication and diversity," said Andrew Searles, an author of a paper titled "An Empirical Study and Evaluation of Modern CAPTCHAs," "becoming increasingly difficult to solve for both bots [machines] and humans." The study is published on the arXiv preprint server.

"But advances in computer vision and  have dramatically increased the ability of bots to recognize distorted text [with more than ] 99% accuracy … and bots often outsource solving to CAPTCHA farms—sweatshop-like operations where humans are paid to solve CAPTCHAs," he said.

In their study, researchers found bots cracked distorted-text CAPTCHAs correctly just under 100% of the time. Humans achieved between 50% and 84% accuracy. And humans required up to 15 seconds to solve the challenges; the  dispatched the problems in less than a second.

"We do know for sure that [the tests] are very much unloved," said Gene Tsudik, another author of the paper. "We didn't have to do a study to come to that conclusion. But people don't know whether that effort, that colossal global effort that is invested into solving CAPTCHAs every day, every year, every month, whether that effort is actually worthwhile."

Bots excelled at other varieties of CAPTCHAs, struggling most with image-based tests, on which they did slightly better than humans in accuracy and speed.

For Searles, the conclusion is clear.

"There's no easy way using these little image challenges or whatever to distinguish between a human and a bot any more," he said. Instead, he recommended capitalizing on AI advances to design "intelligent algorithms" that can better distinguish bot activity from human input.

More information: Andrew Searles et al, An Empirical Study & Evaluation of Modern CAPTCHAs, arXiv (2023). DOI: 10.48550/arxiv.2307.12108


Journal information: arXiv 


© 2023 Science X Network

New attack could make website security captchas obsolete

No comments: