Seed phrases, a random combination of words from the BIP 39 list of 2048 words, act as one of the primary layers of security against unauthorized access to a user’s crypto holdings. But what happens when your ‘smart’ phone’s predictive typing remembers and suggests the words next time you try to access your digital wallet?
Andre, a 33-year-old IT professional from Germany, recently posted on the r/CryptoCurrency subreddit after discovering that his mobile phone could predict his entire recovery seed phrase as soon as he typed the first word.
As a fair warning to fellow Redditors and crypto enthusiasts, Andre’s post highlighted the ease with which hackers can use the feature to drain a user’s funds just by being able to type the first word out of the BIP 39 list.
Speaking to Cointelegraph, Andre, a.k.a. u/Divinux on Reddit, shared his shock when he first experienced his phone literally guessing the (12-24 word) seed phrase — “First I was stunned - the first couple words could be a coincidence, right?”
As a tech-savvy individual, the German crypto investor was able to reproduce the scenario wherein his mobile phone could accurately predict the seed phrases. After realizing the possible impact of this information if it fell into the wrong hands, he said: “I thought I should tell people about it; I'm sure there are others who also have typed seeds into their phone.”
Andre’s experiments confirmed that Google’s Gboard was the least vulnerable, as the software did not predict every word in the correct order. However, Microsoft’s SwiftKey keyboard was able to predict the seed phrase right out of the box. The Samsung keyboard, too, can predict the words if ‘Auto replace’ and ‘Suggest text corrections’ have been manually turned on.