Researcher Defeats Google’s reCAPTCHA Test
If you’ve ever joined a website that uses reCAPTCHA, you’re familiar with the interface. You’re presented with two English words obscured with lines, and you must prove that you are not a robot by entering them correctly. One of the words is actually text from a scanned book that an OCR program couldn’t read; you’re just helpfully transcribing it, and your answer for that word has no effect on gaining access. Now, Jonathan Wilkins of iSEC Partners is saying some robots may soon be slipping through as well.
In a series of tests, the iSEC automated system was able to manage a 17.5% reCAPTCHA success rate. While this doesn’t sound like a lot, those wishing to bypass reCAPTCHA could have access to botnets of thousands of infected machines, so even a small success rate could spell big problems for website security. The system guessed 10% correct outright, and got one word correct in an additional 25%. Since it can be assumed that 50% of those words were the unknown book text, which has no effect on access, the success rate works out to the stated figure of 17.5%.
Google, which recently acquired reCAPTCHA, explained that the data was gathered in 2008 and doesn’t take into account changes to the system since then. "Therefore, this study does not reflect the effectiveness of reCAPTCHA's current technology against machine solvers. We've found reCAPTCHA to be far more resilient while also striking a good balance with human usability, and we've received very positive feedback from customers," Google said in a statement. Whether or not reCAPTCHA is broken, the internet arms race is sure to continue.
