Skip to Content
Uncategorized

Once Again, CAPTCHAs Need to Get Harder

Software can solve video puzzles intended to prevent spam bots acting like humans.
February 24, 2012

It’s been getting harder to prove you’re a human online in recent years. The squiggly letters known as CAPTCHAs that protect websites against spam software have got more distorted, as the software has got better at reading them.

A screenshot of one of NuCaptcha’s puzzles.

That was why I thought it worth noting when NuCaptcha launched its video CAPTCHAs, which are easier for humans but still secure and have been adopted by sites including Groupon. Now researchers at Stanford suggest they, too will have to become more cryptic.

Elie Bursztein led the research, and explains on his blog how he designed software that compared multiple frames from NuCaptcha’s videos to spot and decode the jiggling letters needed to enter a site protected by a NuCaptcha puzzle. Video CAPTCHAs require the use of techniques not used against the puzzles before to isolate the puzzle amongst everything else in the footage, says Bursztein. But once software has located the string, but also provide multiple copies of the same puzzle, which makes it easier to solve. He reports that software that identifies video frames showing the CAPTCHA then goes back to the video to track the movement of the letters to accurately isolate them for recognition can beat NuCaptcha with close to 100 percent accuracy.

In response (full statement here), NuCaptcha have pointed out that their software tracks computers that solves their puzzles and serves up more complex versions than Bursztein cracked to very active solvers, which may be attackers. However, Bursztein says those harder versions pose little extra difficulty to his methods.

Fortunately, Bursztein also suggests that tweaks could make video CAPTCHAs even more secure than regular ones. If decoy objects designed to confuse video processing algorithms were added then CAPTCHA-cracking bots would not be able to tell which object needed decoding to beat the puzzle. Whether those designs also make it harder for humans to solve the puzzles is another matter. 

Given the gradual increase in the proportion of CAPTCHAs that I need more than one attempt to solve, I’m not optimistic.

Deep Dive

Uncategorized

Embracing CX in the metaverse

More than just meeting customers where they are, the metaverse offers opportunities to transform customer experience.

Identity protection is key to metaverse innovation

As immersive experiences in the metaverse become more sophisticated, so does the threat landscape.

The modern enterprise imaging and data value chain

For both patients and providers, intelligent, interoperable, and open workflow solutions will make all the difference.

Scientists have created synthetic mouse embryos with developed brains

The stem-cell-derived embryos could shed new light on the earliest stages of human pregnancy.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.