How “Predictive Text” Functionality can Reproduce Mnemonic Crypto Wallet Phrases

"Predictive Words" Guess the Mnemonic Phrase

Redditor Andre previously shared this unique security issue on the Reddit forum. The mnemonic he mentioned refers to the 2,048 random numbers in the Bitcoin Improvement Protocol (BIP 39).

Andre pointed out that the prediction function of mobile phone typing will suggest the second word after the user enters the first mnemonic word, which means that when the mnemonic word is entered at that time, the mobile phone has recorded the mnemonic word entered by the user into the personal mnemonic word. In a custom dictionary, it can accurately suggest/predict 12-24 words.

According to his actual measurement results:

• Google keyboard Gboard: No impact (Need to pay attention to whether the prediction function has been manually turned on).
• Samsung keyboard: Automatically enable "Automatic Alternate Text" and "Suggest Corrections" to record.
• Microsoft SwiftKey: Download, enable the app and start recording.

Clearing the Predicted Text Cache

Although it is still difficult to completely predict all the mnemonic words and their order, Andre pointed out that if someone who wants to get a mobile phone can do the followings:

1. Open any chat app,
2. Enter any word from the BIP39 list, and
3. View the suggested words given by the mobile phone.

For safety reasons, I suggest you clear the cache of predicted words and take preventive measures.

1. Check whether the mobile phone can predict the mnemonic:

Does the second word suggestion appear after entering the first mnemonic word appear? Andre emphasizes that English is not the primary language on his phone, so when he enters English words, the phone will automatically store less commonly used words.

2. Clear the prediction cache and turn off the predictive word function.

For Samsung keyboards, clearing the keyboard history needs to be reset:

1. Go to settings
2. Select language and input keyboard,
3. Select Samsung keyboard reset to clear the personalized prediction, and
4. Click Clear to turn off the predictive word function.

The operations for iPhone users to clear the keyboard history are as follows:

1. Open “Settings”
2. Go to “General”
3. Tap “Keyboard”
4. Select “transfer or reset the iPhone.”
5. Click “to reset the keyboard dictionary.”

Please note that this will wash out all the word suggestions. Please consider them for yourself.

For Gboard users (usually the default keyboard for android devices), you can clear cache and data as follows:

1. Open “Settings”
2. Tap “Apps” or “Apps Manager”
3. Select “Gboard“ from the list
4. Tap “Storage & cache”
5. Tap “Clear data“ and “Clear cache“

To further protect your crypto assets, you can read my previous articles:

1. Crypto Wallets Exposed "Mnemonic Phrase Vulnerabilities" (4 Already Fixed)
2. Hacked: MetaMask User Lost US$81,000 In ETH
3. Protect Your Crypto Wallets With InfoSec - The Three-Tier Wallet System

Thank you for reading. May InfoSec be with you🖖.