15 minutes with ML cracking a verification code system
Everyone hates codes - the annoying pictures that show the text you type before landing on a website. The purpose of a design verification code is to prevent the computer from automatically filling in the form by verifying that you are real. But with deep learning and the rise of computer vision, CAPTCHA codes are often easily compromised.
I read "Deep Learning for Computer Vision with Python" by Adrian Rosebrock. In the book, Adrian describes how he used machine learning to bypass the code on the E-ZPass Web site in New York:
Adrian has no access to the source code used by the app to generate captchas. To break the system, he had to download hundreds of sample images and manually manipulate them to train his own system.
But what if we want to compromise an open source CAPTCHA system and we really have access to the source code?
I visited the WordPress.org plugin channel and searched for "verification code." The first search result is Really Simple CAPTCHA and has more than 1 million active installations:
The best part is that it is open source! Since we already have the source code to generate the verification code, then it should be quite easy to break. To make this more challenging, let's set a deadline for ourselves. Can we completely break this verification code system in 15 minutes? Try it!