Breaking reCAPTCHAv2

TL;DR

This paper demonstrates that advanced machine learning models can solve 100% of reCAPTCHAv2 challenges, revealing vulnerabilities in the system and showing that AI can bypass current image-based CAPTCHA defenses.

Contribution

It introduces a highly effective ML-based method to solve reCAPTCHAv2, surpassing previous success rates and analyzing the system's reliance on browser data.

Findings

Achieved 100% success rate in solving reCAPTCHAv2

Found no significant difference in challenges faced by humans and bots

ReCAPTCHAv2 heavily relies on cookie and browser history data

Abstract

Our work examines the efficacy of employing advanced machine learning methods to solve captchas from Google's reCAPTCHAv2 system. We evaluate the effectiveness of automated systems in solving captchas by utilizing advanced YOLO models for image segmentation and classification. Our main result is that we can solve 100% of the captchas, while previous work only solved 68-71%. Furthermore, our findings suggest that there is no significant difference in the number of challenges humans and bots must solve to pass the captchas in reCAPTCHAv2. This implies that current AI technologies can exploit advanced image-based captchas. We also look under the hood of reCAPTCHAv2, and find evidence that reCAPTCHAv2 is heavily based on cookie and browser history data when evaluating whether a user is human or not. The code is provided alongside this paper.