A new study from ETH Zurich researchers shows that Google's reCAPTCHAv2 system can be completely bypassed using advanced image recognition algorithms.
The ETH Zurich team developed a method to bypass reCAPTCHAv2 with 100% success using YOLO models for image segmentation and classification. Their system can automatically solve all three types of reCAPTCHAv2 tasks: classifying images in a 3x3 grid, segmenting a single image, and handling dynamic classification with changing images.
To train their models, the researchers used a dataset of about 14,000 labeled images for classification tasks. For segmentation, they used a pre-trained YOLOv8 model already trained on many classes.
The 100% success rate marks significant progress over previous studies, which only achieved 68-71% success in cracking reCAPTCHAv2. The researchers found that reCAPTCHAv2 relies heavily on cookie and browser data to identify human users. By using a VPN, realistic mouse movements, and browser data, their automated system went undetected.
The ETH Zurich team has published their source code to enable further research. They recommend expanding the dataset for segmentation tasks and investigating at what point continuous CAPTCHA solving triggers blocking.
