Breaking reCAPTCHAv2
This demonstrates that current AI can exploit image-based captchas, posing a security threat for websites relying on reCAPTCHAv2.
The researchers tackled the problem of breaking Google's reCAPTCHAv2 system using machine learning, achieving 100% success rate compared to previous work's 68-71% and finding no significant difference between human and bot challenge requirements.
Our work examines the efficacy of employing advanced machine learning methods to solve captchas from Google's reCAPTCHAv2 system. We evaluate the effectiveness of automated systems in solving captchas by utilizing advanced YOLO models for image segmentation and classification. Our main result is that we can solve 100% of the captchas, while previous work only solved 68-71%. Furthermore, our findings suggest that there is no significant difference in the number of challenges humans and bots must solve to pass the captchas in reCAPTCHAv2. This implies that current AI technologies can exploit advanced image-based captchas. We also look under the hood of reCAPTCHAv2, and find evidence that reCAPTCHAv2 is heavily based on cookie and browser history data when evaluating whether a user is human or not. The code is provided alongside this paper.