Predictive input can “guess” your mnemonic phrase. So watch out for hacks.
Mnemonic phrases (seed phrases) are random combinations of words drawn from the list defined in Bitcoin Improvement Proposal (BIP) 39. The phrase is the root secret of a wallet: anyone who learns it can recreate the wallet and spend its funds. But what if your smartphone’s predictive keyboard remembered those words from the last time you typed them to access your wallet?
Predictive input can “guess” your mnemonic phrase
André, a 33-year-old IT professional from Germany, recently posted to the r/CryptoCurrency subreddit after discovering that his smartphone could predict an entire mnemonic phrase as soon as he typed the first word. As a warning to other Reddit users and crypto enthusiasts, André’s post highlights how easy this makes it for an attacker who gets hold of the phone to drain a wallet: type a word from the BIP39 list and read the keyboard’s suggestions. “This makes the attack easier. Pick up your phone, start a chat, type words from the BIP39 list and see what the phone has to offer.”
Beware of Hacks
“After I managed to reproduce this scenario on several phones, I thought I should warn people. I am sure that many users around the world are typing mnemonic phrases on their phones.” In André’s tests, Google’s Gboard keyboard was the least affected: it did not suggest all the words in the correct order. Microsoft SwiftKey, on the other hand, predicted the original phrase almost instantly, and so did Samsung Keyboard if the “auto-replacement” and “suggested text corrections” options were enabled.
The countermeasure, again according to André, is to keep the funds in a physical (hardware) wallet, so that the phrase is never typed on a phone in the first place. Also, “prevent these kinds of accidents from happening to you by clearing the predictive cache.” Note that some keyboards can also sync their learned words to a cloud account; if that option is on, clearing the local dictionary alone may not remove every copy.
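To make the mechanism concrete, here is an added toy model of a predictive keyboard’s learned dictionary. It is not code from the original post or from any of the keyboards named above (those engines are closed source); the bigram learner is an assumption about the general mechanism, namely that a keyboard remembers which word followed which and offers the most frequent successor as its top suggestion. The twelve-word phrase and the chat messages are constructed demo values, not a real wallet. The example shows the phrase leaking after being typed once, a check that scans the learned data for a long chain of BIP39 words, the “clear learned words” remedy, and one caveat: a mnemonic word that you also use in everyday typing gets re-trained and can cut the chain short.

```python
from collections import Counter, defaultdict

# Constructed demo phrase: the first twelve entries of the BIP39 English
# word list. A placeholder for the demonstration, not anyone's wallet.
DEMO_MNEMONIC = (
    "abandon ability able about above absent "
    "absorb abstract absurd abuse access accident"
)
DEMO_WORDS = DEMO_MNEMONIC.split()

# Constructed chat messages typed on the same phone before the phrase.
CHAT_HISTORY = [
    "see you at the zoo tomorrow",
    "the zoo was great",
    "running late sorry",
]


class PredictiveKeyboard:
    """Toy next-word predictor: counts which word followed which (assumed
    to resemble what a phone keyboard's personalization layer does)."""

    def __init__(self):
        self.successors = defaultdict(Counter)  # word -> Counter(next word)

    def learn(self, text):
        words = text.lower().split()
        for cur, nxt in zip(words, words[1:]):
            self.successors[cur][nxt] += 1

    def suggest(self, word):
        """Top suggestion for the word just typed, or None if unknown."""
        cands = self.successors.get(word.lower())
        return cands.most_common(1)[0][0] if cands else None

    def autocomplete(self, first_word, max_words=24):
        """Keep accepting the top suggestion, as someone holding the phone would."""
        chain = [first_word.lower()]
        while len(chain) < max_words:
            nxt = self.suggest(chain[-1])
            if nxt is None or nxt in chain:  # dead end or loop
                break
            chain.append(nxt)
        return " ".join(chain)

    def clear_learned_words(self):
        """The 'clear predictive cache' remedy from the post."""
        self.successors.clear()


def longest_learned_chain(keyboard, wordlist):
    """Check: longest suggestion chain made only of wordlist (BIP39) words.
    A chain of 12 or more is a strong sign a mnemonic was typed here."""
    best = []
    for start in keyboard.successors:
        if start not in wordlist:
            continue
        chain = keyboard.autocomplete(start).split()
        while chain and chain[-1] not in wordlist:
            chain.pop()  # trim trailing ordinary words
        if len(chain) > len(best):
            best = chain
    return best


def demo():
    """Returns (phrase leaked from the first word, chain flagged by the
    check, what the keyboard offers after clearing learned words)."""
    kb = PredictiveKeyboard()
    for msg in CHAT_HISTORY:
        kb.learn(msg)
    kb.learn(DEMO_MNEMONIC)  # the phrase typed once into a wallet app
    leaked = kb.autocomplete("abandon")
    flagged = longest_learned_chain(kb, set(DEMO_WORDS))
    kb.clear_learned_words()
    after = kb.autocomplete("abandon")
    return leaked, flagged, after


def demo_common_word_caveat():
    """Everyday use of a mnemonic word ('about') re-trains the suggestion
    and breaks the chain: a frequency-based keyboard is not a tape recorder."""
    kb = PredictiveKeyboard()
    kb.learn(DEMO_MNEMONIC)
    kb.learn("call me about the tickets")
    kb.learn("ask about the tickets")
    return kb.autocomplete("abandon")


if __name__ == "__main__":
    leaked, flagged, after = demo()
    print("leaked:", leaked)
    print("flagged chain length:", len(flagged))
    print("after clearing:", after)
    print("with 'about' in daily use:", demo_common_word_caveat())
```

The check in `longest_learned_chain` is the part a practitioner would want to run against a real learned-words export if a keyboard offered one; the point of the caveat function is that phrases built from words you never otherwise type are the ones a keyboard reproduces most faithfully.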