CAPTCHA is evil and must be stopped. This much we know. Here’s another nail in the coffin of the universally-loathed authentication system: it turns out that despite being designed to stop automated processes, CAPTCHAs can actually be easily cracked with the right kind of computing power.
It seems that the automated system which Google Street View uses to identify house numbers is also ridiculously good at cracking CAPTCHA messages. As Google explained in a blog post on the finding:
Turns out that this new algorithm can also be used to read CAPTCHA puzzles — we found that it can decipher the hardest distorted text puzzles from reCAPTCHA with over 99% accuracy. This shows that the act of typing in the answer to a distorted image should not be the only factor when it comes to determining a human versus a machine.
Apparently, the machine even cracked the CAPTCHAs pictured on this post, which is more than I could manage most days.
While Google doesn’t offer open access to its neural network, I suspect it’s only a matter of time before those results are replicated. And if that leads to the death of CAPTCHA, I’m all for it. Side note: Google says it now actually uses less distorted CAPTCHA graphics, as it can rely on other cues to distinguish human and machine input.
Street View and reCAPTCHA technology just got smarter [Google Online Security Blog]