Researchers Discover That Google's Street View Technology Can Be Used to Decipher CAPTCHA Puzzles
If you've ever filled out an online form before then chances are you've seen those sometimes annoying authentication puzzles that you have to enter the numbers/letters from before submitting your input.
These short puzzles, which will often be accompanied by a disclaimer that tells you they're designed to “make sure you're not a robot,” are known simply as CAPTCHAs (Completely Automated Public Turing tests to tell Computers and Humans Apart), and up until recently they have been considered the internet standard for preventing automated spam.
CAPTCHAs No Longer Need Manual Solving
The premise is simple – only a human being can read the content of the puzzle since it is actually an altered image file and not a piece of text that a computer can read. However, with the advent of image analysis and shape/letter recognition software it is now possible for a computer to read the letters, numbers, and symbols within a picture.
CAPTCHA puzzle-creating algorithms use a variety of tricks to keep computers from deciphering the generated text, including adding random distortion, skewing, and other effects. The goal is to make the image too difficult for a machine to decipher yet legible enough for a human to read with a little bit of effort and concentration.
But, here's the issue:
According to GizMag, researchers have discovered that up to 99% of all CAPTCHA images can be deciphered using the same multi-digit number recognition technology that is used to catalog street address numbers found on buildings and mailboxes within Google's Street View imagery.
The results of this research have prompted Google to issue a statement suggesting that using CAPTCHA is not a fully fool-proof way to prevent automated spam entries in every instance.
So does this mean that webmasters should stop using CAPTCHAs altogether?
Absolutely not. Given that this small loophole was just recently discovered it really hasn't had much time to become a widespread exploit, so at the moment CAPTCHA puzzles remain an effective way to halt or at least slow down the rate of robot-generated spam submitted through web forms.
Google bought a company called reCAPTCHA in 2009 with the goal of learning more about how the concept of CAPTCHAs can be improved and strengthened. This company not only specializes in creating strong CAPTCHA images as an ongoing service, it also fully digitize pictures, scanned documents, and even printed books. Studies done by the experts at reCAPTCHA have been instrumental in strengthening the integrity of CAPTCHAs during the past 5 years.
No Widely Available CAPTCHA-Cracking Tools, Yet
Although any malicious software designed to decipher CAPTCHA puzzles is unlikely to be as effective as the digit recognition algorithm used in Street View, Google does its best to find flaws within the CAPTCHA system so that it can continually improve upon this type of user authentication.
Perhaps the most ironic part about this discovery being publicized is that now that hackers and blackhat developers are aware of this chink in the armor of CAPTCHA, it is only a matter of time before someone tries to create their own malicious CAPTCHA-solving code using an open source multi-digit number recognition software.
So, although this news is being shared with the world to advance the development and security of CAPTCHA, it could actually be exposing a weakness that most hackers might've otherwise overlooked. Then again, Google is taking a proactive approach by addressing the situation to let hackers know that they are aware of this potential exploit route and are taking action to fix it.