Smartphones can predict our seed phrase

By Martina Canzani - 2 May 2022


This is not a joke or clickbait; unfortunately, it’s all true. Andre, a German IT professional, seems to have discovered that our smartphones can in some cases be far too “smart”.

What Andre, somewhat accidentally, managed to discover is that the predictive typing of our phones can allow potential hackers to discover our seed phrase, simply by guessing the first word of the seed phrase.

As we all know, seed phrases are a random combination of words from the Bitcoin Improvement Proposal (BIP) 39 list of 2048 words and, more importantly, in the world of crypto investments they are the only way we can protect our money.

The blockchain makes everything transparent and visible to all, not allowing information to be obscured or hidden. The seed phrase is the only information that must remain secret at all times.

Predictive typing on smartphones lowers our security: seed phrases in danger?


Andre, an IT professional, has discovered that when he enters the first word of his seed phrase into his smartphone, the device, through predictive typing, manages to “suggest” the next word correctly, thus completing the entire access key.

The smartphone remembers the seed phrase the user entered the first time and later uses what it has learned to make typing easier on subsequent occasions. However, this creates a major security flaw.
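How a learned typing history can hand back a whole phrase from its first word, as an added example that is not from the article or from any keyboard vendor: a toy next-word model in Python. The class, the function names and the sample phrase are assumptions made for illustration, and real keyboards use their own models; the example also shows that nothing is reproduced when learning is off and that other typing history can break the chain.

```python
from collections import Counter, defaultdict

class NextWordModel:
    """Toy personalised next-word history (assumption: not any vendor's algorithm)."""

    def __init__(self, learning_enabled=True):
        self.learning_enabled = learning_enabled
        self.following = defaultdict(Counter)  # word -> counts of words typed after it

    def observe(self, text):
        """Record word pairs from typed text, unless learning is switched off."""
        if not self.learning_enabled:
            return
        words = text.lower().split()
        for prev, nxt in zip(words, words[1:]):
            self.following[prev][nxt] += 1

    def suggest(self, word):
        """Return the most frequent follower of `word`, or None if none was learned."""
        ranked = self.following.get(word)
        return ranked.most_common(1)[0][0] if ranked else None

def follow_suggestions(model, first_word, length):
    """Keep accepting the top suggestion, starting from a single typed word."""
    out = [first_word]
    while len(out) < length:
        nxt = model.suggest(out[-1])
        if nxt is None:
            break
        out.append(nxt)
    return out

# Constructed 12-word sample phrase for the demo, not a real wallet secret.
PHRASE = "army van defense carry jealous true garbage claim echo media make crunch"

def exposed_prefix(model, phrase=PHRASE):
    """How many leading words of `phrase` the suggestions reproduce in order."""
    words = phrase.split()
    guess = follow_suggestions(model, words[0], len(words))
    n = 0
    for expected, got in zip(words, guess):
        if expected != got:
            break
        n += 1
    return n

if __name__ == "__main__":
    keyboard = NextWordModel()
    keyboard.observe(PHRASE)  # the phrase was typed once with learning on
    print(exposed_prefix(keyboard), "of", len(PHRASE.split()), "words reproduced")
```

A result of 1 means only the word that was typed is known, which is the outcome when the phrase never enters the learned history.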

The ability of our phones to predict the entire seed phrase makes it much easier for hackers to access our crypto wallets.

Andre states:

“This makes it easy to attack, get your hands on a phone, start any chat app, and start typing any words off the BIP39 list, and see what the phone suggests”.

After making the unfortunate discovery, Andre looked into the matter further by doing some experiments. His tests confirmed that Google’s Gboard is the least vulnerable, as the software cannot predict every word in the correct order.

In contrast, in the expert’s attempts, Microsoft’s SwiftKey keyboard was able to predict the initial phrase immediately, as was Samsung’s keyboard, but only with the “Auto-replace” and “Suggest text corrections” options switched on.

How to secure our wallets

The security of our digital wallets is a very important topic that we could discuss at length. The real answer, the real practical advice that should be given to all users, especially the less experienced, is that to be more secure and avoid unpleasant situations like these, it is best to use a hardware wallet!

This is the only real recommendation to follow in order to try to lower the level of vulnerability.
