A joint team of researchers from Lancaster University and Northwest University and Peking University in China tested security through artificial intelligence testing.
Most websites have verification links including text verification codes and graphics verification codes to combat automated programs such as web robots and illegal crawling. However, websites that still use text verification codes are not likely to combat various automated programs.
Verification code cracker based on artificial intelligence technology:
The joint research team used the artificial intelligence technology to train the verification code model to crack the verification code, and finally, the most popular website verification codes were broken.
The method used by the research team is called a Generative Adversarial Network (GAN) technique. This new decoder does not require a large number of real verification code training instance models.
The model initially learns the basic crack by learning the verification code synthesizer and then optimizes and adjusts the model by identifying the real verification code.
The use of artificial intelligence technology makes the verification code-cracking work extremely time-consuming and the workload is very small, even if the ordinary computer can complete the verification crack.
The verification code can be successfully cracked in only 0.05 seconds:
After the initial learning and training, the cracker has been able to complete most of the cracks, and the verification code generated by the synthesizer is almost the same as the real verification code.
After the training, the researchers attacked and tested the real verification code of popular websites such as Microsoft, Wikipedia, eBay and Google.
Finally, the new artificial intelligence cracker can successfully crack the verification code within 0.05 seconds with the help of the desktop graphics card, that is, identify the complete character of the verification code.
The significance of the attack verification code is to improve security:
Although it has become common practice for ordinary users to enter various verification codes, as mentioned at the beginning of the article, these verification codes cannot stop illegal crawlers.
The researchers concluded that: “It allows an adversary to launch an attack on services, such as Denial of Service attacks or spending spam or fishing messages, to steal personal data or even forge user identities. Given the high success rate of our approach for most of the text captcha schemes, websites should be abandoning captchas”
The insights provided in this work can help security experts revisit the design and usability of text verification codes, ultimately improving the security of verification codes.