We’ve all been online, trying to purchase some tickets for a show or log into Facebook when that obnoxious box pops up asking us to prove we’re not a robot by just clicking a checkbox or typing in some letters.
Most commonly we see a CAPTCHA, which is a rough acronym for Completely Automated Public Turing Test To Tell Computers and Humans Apart (yeah, CAPTCHA is easier).
So you roll your eyes, type the letters, occasionally cursing under your breath wondering why you have to do something so trivial just to post on your wall or send out that subtweet you’ve been stewing on.
Well, this may not be so simple anymore. According to research recently published in Science magazine, scientists have now have found a way to build an AI that can actually read the CAPTCHA’s you see in your browser AND break the test, allowing them to access a site despite being, well, a robot.
This is not unprecedented; around a decade ago Ticketmaster sued a company that was able to bypass its CAPTCHA system to buy tickets in bulk. That case, however, appeared to be simply an exploitation of a Ticketmaster’s defenses.
The claim is that this new tech will be able to break down the CAPTCHA by deconstructing the text in a much more complex and thorough way, with less specific instructions.
Scientists have been working with AI to try to give it the ability to think like a human (oh no) and they do this using a technique called deep learning. This process is about teaching the AI to look through layers of information, taking each new finding and applying it to its next layer, learning and remembering each time.
This informs the AI’s next decision, and so on. This all, as we’ve seen in films and on television for years, is just a way to get AI to “think” as much like a human brain as possible.
While this isn’t quite to the interrogating-a-possible-replicant level (see Blade Runner), this could be a huge security concern for web developers moving forward. According to a study done with this new AI, the model “was able to solve reCAPTCHAs at an accuracy rate of 66.6% …, BotDetect at 64.4%, Yahoo at 57.4% and PayPal at 57.1%.”
Time to start paying for things with cash again, am I right?
All this research is not only for learning how to break into websites, but for learning how the human’s think and applying that knowledge to building code that will function as closely as possible to the human brain.
Companies like Google have already moved on from basic CAPTCHA’s and it’s hard to say what impact this new discovery will actually have on information security, but this is just the way technology is moving.
While those CAPTCHA’s may be annoying, I’m willing to put in a couple extra seconds to prove I’m human. If AI continues to get smarter, so will the tests that determine who is human or not.