Stanford program cracks text-based CAPTCHAs, shelters the replicants among us
CAPTCHAs. In the absence of a Voigt-Kampff apparatus, they're what separate the humans from the only-posing-to-be-human. And now three Stanford researchers have further blurred that line with Decaptcha, a program that uses image processing, segmentation and a spell-checker to defeat text-based CAPTCHAs. Elie Bursztien, Matthieu Martin and John Mitchell pitted Decaptcha against a number of sites: it passed 66% of the challenges on Visa's Authorize.net and 70% at Blizzard Entertainment. At the high end, the program beat 93% of MegaUpload's tests; at other end, it only bested 2% of those from Skyrock. Of the 15 sites tried, only two completely repelled Decaptcha's onslaught -- Google and reCaptcha. So what did the researchers learn from this? Randomization makes for better security; random lengths and character sizes tended to thwart Decaptcha, as did waving text. How long that will remain true is anyone's guess, as presumably SkyNet is working on a CAPTCHA-killer of its own.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.