Computer scientists have developed a new artificial-intelligence (AI) based programme which can easily decode text captcha schemes commonly used by websites to protect themselves from cyber attacks.
The programme has been developed by an international team, including scientists from Lancaster University in the UK, Northwest University in the U.S. and Peking University in China. It is based on deep learning technique, and demonstrates much higher accuracy compared to other captcha attack systems in cracking the text captcha schemes, according to its creators.
The programme uses Generative Adversarial Network (GAN) technique to decode a captcha scheme. In GAN, a captcha synthesiser programme is taught to automatically generate training captchas identical to genuine captchas. These synthetic captchas are then used to train the base solver algorithm, which is fine-tuned further on a small set of real captchas. The approach, according to researchers, saves time and efforts of the developer (or potential attackers) as only 500 genuine captchas are required to effectively train the attack programme.
The team evaluated the performance of the programme by applying it to 33 captcha schemes. Eleven of these schemes are currently used by many of the world's top 50 popular websites, including Wikipedia, Google, eBay and Microsoft.
The programme demonstrated the most capable attack on text captchas seen to date. According to scientists, it can solve a captcha within 0.05 second using a desktop graphics processing unit (GPU). It can evade advanced security features used by modern text captcha schemes. Compared to four other text-captcha solvers, the new programme demonstrated much higher accuracy in solving captchas, while also proving its ability to crack the schemes, which others programmes failed to attack.
"It allows an adversary to launch an attack on services, such as Denial of Service attacks or spending spam or fishing messages, to steal personal data or even forge user identities," said Mr. Guixin Ye, the lead student author of the work.
"Given the high success rate of our approach for most of the text captcha schemes, websites should be abandoning captchas."
Researchers also suggest that websites should now consider using alternative security schemes involving multiple layers of security.
The findings of the research were presented at the ACM Conference on Computer and Communications Security (CCS) 2018 in Toronto.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago