How “Predictive Text” Functionality can Reproduce Mnemonic Crypto Wallet Phrases, by @z3nch4n


Zen Chan

Interested in Infosec & Biohacking. Security Architect by profession. Love reading and running.

TL;DR - Redditor Andre, an information security practitioner, accidentally discovered that the smartphone's "predictive words" function guessed the mnemonic of his bitcoin wallet. He shared the process and the solution for Android and iOS phones.

"Predictive Words" Guess the Mnemonic Phrase

Redditor Andre previously shared this unique security issue on the Reddit forum. The mnemonic he mentioned is drawn from the 2,048 words of the Bitcoin Improvement Proposal 39 (BIP 39) word list.


Andre pointed out that the phone's predictive typing suggests the second word after the user enters the first mnemonic word. This means that when the mnemonic was originally typed, the phone recorded the words in the user's personal custom dictionary, from which it can accurately suggest/predict the 12-24 words.


According to his actual measurement results:

  • Google keyboard Gboard: No impact (check whether the prediction function has been manually turned on).
  • Samsung keyboard: "Automatic Alternate Text" and "Suggest Corrections" are enabled automatically, so it records.
  • Microsoft SwiftKey: Starts recording once the app is downloaded and enabled.


Clearing the Predicted Text Cache


Although it is still difficult to completely predict all the mnemonic words and their order, Andre pointed out that someone who gets hold of the mobile phone can do the following:

  1. Open any chat app,
  2. Enter any word from the BIP39 list, and
  3. View the suggested words given by the mobile phone.

For safety reasons, I suggest you clear the cache of predicted words and take preventive measures.

Users can perform the following measures according to their own situations.

1. Check whether the mobile phone can predict the mnemonic:

Does a second-word suggestion appear after you enter the first mnemonic word? Andre emphasizes that English is not the primary language on his phone, so when he enters English words, the phone automatically stores the less commonly used ones.


2. Clear the prediction cache and turn off the predictive word function.

For Samsung keyboards, clearing the keyboard history requires a reset:

  1. Go to settings
  2. Select language and input keyboard,
  3. Select Samsung keyboard reset to clear the personalized prediction, and
  4. Click Clear to turn off the predictive word function.

Refer to Samsung's official website for instructions.


The operations for iPhone users to clear the keyboard history are as follows:

  1. Open “Settings”
  2. Go to “General”
  3. Tap “Keyboard”
  4. Select “transfer or reset the iPhone.”
  5. Click “to reset the keyboard dictionary.”

Please note that this will wipe all learned word suggestions, so decide for yourself whether to go ahead.

You can refer to Apple's official website for details on predicted words, or go to general settings, keyboard, and turn off "predicted words".


For Gboard users (usually the default keyboard for Android devices), you can clear cache and data as follows:

  1. Open “Settings”
  2. Tap “Apps” or “Apps Manager”
  3. Select “Gboard” from the list
  4. Tap “Storage & cache”
  5. Tap “Clear data” and “Clear cache”

You can refer to Google’s official website to remove dictionary words, adjust privacy settings, and turn off “learned words.”
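
A toy model of the behaviour described above, added here as an illustration and not taken from Andre's post or from any keyboard vendor. It assumes a simple word-pair counter (`ToyPredictiveKeyboard` and the helper names are hypothetical), shows why a phrase typed once is suggested back word by word while common words stay ambiguous, and shows that a reset removes the learned phrase. The phrase is a constructed sample, not a real wallet mnemonic.

```python
from collections import Counter, defaultdict

# Constructed sample: the first 12 words of the BIP39 English list, not a real wallet phrase.
SAMPLE_PHRASE = ("abandon ability able about above absent "
                 "absorb abstract absurd abuse access accident")

class ToyPredictiveKeyboard:
    """Assumed model: counts which word followed which (not any vendor's real engine)."""

    def __init__(self):
        self.following = defaultdict(Counter)

    def learn(self, text):
        # Every typed message updates the personal dictionary of word pairs.
        words = text.lower().split()
        for current, nxt in zip(words, words[1:]):
            self.following[current][nxt] += 1

    def suggest(self, word):
        # Top suggestion = the word most often typed after `word`, or None.
        ranked = self.following.get(word.lower(), Counter()).most_common(1)
        return ranked[0][0] if ranked else None

    def reset(self):
        # Stands in for "reset keyboard dictionary" / "clear data".
        self.following.clear()

def suggestion_chain(keyboard, first_word, max_words=24):
    """Follow the top suggestion from first_word until it runs out or loops."""
    chain = [first_word]
    while len(chain) < max_words:
        nxt = keyboard.suggest(chain[-1])
        if nxt is None or nxt in chain:
            break
        chain.append(nxt)
    return chain

def exposed_pairs(keyboard, phrase):
    """Self-check: how many consecutive pairs of the phrase are suggested back."""
    words = phrase.lower().split()
    pairs = list(zip(words, words[1:]))
    return sum(keyboard.suggest(a) == b for a, b in pairs), len(pairs)

if __name__ == "__main__":
    kb = ToyPredictiveKeyboard()
    kb.learn("we can talk about it later")  # ordinary chat makes "about" ambiguous
    kb.learn("think about it again")
    kb.learn(SAMPLE_PHRASE)                  # the phrase typed once on this keyboard
    print(exposed_pairs(kb, SAMPLE_PHRASE), suggestion_chain(kb, "above"))
    kb.reset()
    print(exposed_pairs(kb, SAMPLE_PHRASE), suggestion_chain(kb, "above"))
```

In this model only the pair after the everyday word "about" is not suggested back; the rarer words each have a single learned follower, which matches Andre's observation about less commonly used words.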


To further protect your crypto assets, you can read my previous articles:

  1. Crypto Wallets Exposed "Mnemonic Phrase Vulnerabilities" (4 Already Fixed)
  2. Hacked: MetaMask User Lost US$81,000 In ETH
  3. Protect Your Crypto Wallets With InfoSec - The Three-Tier Wallet System



Thank you for reading. May InfoSec be with you🖖.
