The “Predictive Text” Function of the Mobile Phone Keyboard Perfectly Reproduces the Mnemonic…
Cybersecurity | Crypto
“Predictive Text” Guess the Mnemonic Phrase
TL; DR — Redditor Andre, an information security practitioner, accidentally discovered that the smartphone’s “predictive words” function guessed the mnemonic of his bitcoin wallet. He shared the process and the solution for Android and iOS phones.
Redditor Andre previously shared this unique security issue on the Reddit forum. The mnemonic he mentioned is the one defined in Bitcoin Improvement Proposal 39 (BIP 39), whose words are drawn from a list of 2,048.
Andre pointed out that the phone keyboard's prediction function suggests the second word after the user enters the first mnemonic word. This means that when the mnemonic was typed on the phone, the keyboard recorded the words in the user's personal custom dictionary, from which it can accurately suggest/predict 12–24 words.
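The behaviour described above can be reproduced with a simplified next-word model. This is an added example, not code from the original article or from any keyboard vendor; `ToyKeyboard`, `leaked_transitions` and the sample text are hypothetical, and real keyboards use more elaborate models. It shows why a phrase typed once is suggested back word by word, and that resetting the learned data removes the suggestions.

```python
from collections import Counter, defaultdict

class ToyKeyboard:
    """Simplified next-word predictor: counts which word followed which."""

    def __init__(self):
        self.next_words = defaultdict(Counter)

    def learn(self, text):
        words = text.lower().split()
        for prev, cur in zip(words, words[1:]):
            self.next_words[prev][cur] += 1

    def suggest(self, word, n=3):
        # Top-n successors, like the keyboard's suggestion bar.
        seen = self.next_words.get(word.lower(), Counter())
        return [w for w, _ in seen.most_common(n)]

    def reset(self):
        # Stands in for "reset keyboard dictionary" / "clear data".
        self.next_words.clear()

def leaked_transitions(kb, phrase, n=3):
    """Self-check: how many word-to-word steps of `phrase` are suggested."""
    words = phrase.lower().split()
    return sum(cur in kb.suggest(prev, n) for prev, cur in zip(words, words[1:]))

# Constructed sample data: everyday chat text, plus a constructed 12-word
# phrase (BIP39 list words in alphabetical order, not a real wallet mnemonic).
CHAT = "see you at the office " * 5 + "i am at the gym " * 3
PHRASE = ("abandon ability able about above absent "
          "absorb abstract absurd abuse access accident")

def demo():
    kb = ToyKeyboard()
    kb.learn(CHAT)
    before = leaked_transitions(kb, PHRASE)   # phrase never typed yet
    kb.learn(PHRASE)                          # the phrase is typed once
    after = leaked_transitions(kb, PHRASE)
    common = kb.suggest("the")      # common word: competing successors
    rare = kb.suggest("absorb")     # rare word: one unambiguous successor
    kb.reset()
    cleared = leaked_transitions(kb, PHRASE)
    return before, after, common, rare, cleared

if __name__ == "__main__":
    print(demo())
```

Words the user rarely types otherwise have only one recorded successor, which is why the suggestions for them are unambiguous.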
According to his actual measurement results:
- Google keyboard Gboard: No impact (Need to pay attention to whether the prediction function has been manually turned on).
- Samsung keyboard: Automatically enable “Automatic Alternate Text” and “Suggest Corrections” to record.
- Microsoft SwiftKey: Download, enable the app and start recording.
Clearing the Predicted Text Cache
Although it is still difficult to completely predict all the mnemonic words and their order, Andre pointed out that someone who gets hold of the mobile phone can do the following:
- Open any chat app,
- Enter any word from the BIP39 list, and
- View the suggested words given by the mobile phone.
For safety reasons, I suggest you clear the cache of predicted words and take preventive measures.
Users can perform the following measures according to their own situations.
1. Check Whether the Mobile Phone Can Predict the Mnemonic:
Does a suggestion for the second word appear after you enter the first mnemonic word? Andre emphasizes that English is not the primary language on his phone, so when he enters English words, the phone automatically stores these less commonly used words.
2. Clear the Prediction Cache and Turn off the Predictive Word Function
Samsung
For Samsung keyboards, clearing the keyboard history requires a reset:
- Go to settings
- Select language and input keyboard,
- Select Samsung keyboard reset to clear the personalized prediction, and
- Click Clear to turn off the predictive word function.
Refer to Samsung’s official website for instructions.
Apple
The operations for iPhone users to clear the keyboard history are as follows:
- Open “Settings”
- Go to “General”
- Tap “Keyboard”
- Select “transfer or reset the iPhone.”
- Click “to reset the keyboard dictionary.”
Please note that this will wipe all the learned word suggestions, so decide for yourself whether to do it.
You can refer to Apple’s official website for predicted words or go to general settings, keyboard, and turn off “predicted words”.
For Gboard users (usually the default keyboard for Android devices), you can clear cache and data as follows:
- Open “Settings”
- Tap “Apps” or “Apps Manager”
- Select “Gboard” from the list
- Tap “Storage & cache.”
- Tap “Clear data” and “Clear cache”
You can refer to Google’s official website to remove dictionary words, privacy settings, and how to turn off “learned words”.
To further protect your crypto assets, you can read my previous articles:
- Crypto Wallets Exposed “Mnemonic Phrase Vulnerabilities” (4 Already Fixed)
- A Story With No Ending, MetaMask User Lost 41 ETH in A Hack
- Protect Your Crypto Wallets With InfoSec — The Three-Tier Wallet System
Thank you for reading. May InfoSec be with you🖖.