Skip to Content

MIT Technology Review

Sign in
Uncategorized

Once Again, CAPTCHAs Need to Get Harder

Software can solve video puzzles intended to prevent spam bots acting like humans.
February 24, 2012

It’s been getting harder to prove you’re a human online in recent years. The squiggly letters known as CAPTCHAs that protect websites against spam software have got more distorted, as the software has got better at reading them.

A screenshot of one of NuCaptcha’s puzzles.

That was why I thought it worth noting when NuCaptcha launched its video CAPTCHAs, which are easier for humans but still secure and have been adopted by sites including Groupon. Now researchers at Stanford suggest they, too will have to become more cryptic.

Elie Bursztein led the research, and explains on his blog how he designed software that compared multiple frames from NuCaptcha’s videos to spot and decode the jiggling letters needed to enter a site protected by a NuCaptcha puzzle. Video CAPTCHAs require the use of techniques not used against the puzzles before to isolate the puzzle amongst everything else in the footage, says Bursztein. But once software has located the string, but also provide multiple copies of the same puzzle, which makes it easier to solve. He reports that software that identifies video frames showing the CAPTCHA then goes back to the video to track the movement of the letters to accurately isolate them for recognition can beat NuCaptcha with close to 100 percent accuracy.

In response (full statement here), NuCaptcha have pointed out that their software tracks computers that solves their puzzles and serves up more complex versions than Bursztein cracked to very active solvers, which may be attackers. However, Bursztein says those harder versions pose little extra difficulty to his methods.

Fortunately, Bursztein also suggests that tweaks could make video CAPTCHAs even more secure than regular ones. If decoy objects designed to confuse video processing algorithms were added then CAPTCHA-cracking bots would not be able to tell which object needed decoding to beat the puzzle. Whether those designs also make it harder for humans to solve the puzzles is another matter. 

Given the gradual increase in the proportion of CAPTCHAs that I need more than one attempt to solve, I’m not optimistic.

Keep Reading

Most Popular

Large language models can do jaw-dropping things. But nobody knows exactly why.

And that's a problem. Figuring it out is one of the biggest scientific puzzles of our time and a crucial step towards controlling more powerful future models.

The problem with plug-in hybrids? Their drivers.

Plug-in hybrids are often sold as a transition to EVs, but new data from Europe shows we’re still underestimating the emissions they produce.

How scientists traced a mysterious covid case back to six toilets

When wastewater surveillance turns into a hunt for a single infected individual, the ethics get tricky.

Google DeepMind’s new generative model makes Super Mario–like games from scratch

Genie learns how to control games by watching hours and hours of video. It could help train next-gen robots too.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.