Reddit blogger found a way to guess the seed phrase with a smartphone

This can be done using the predictive text input function on the keyboard

02.05.2022 - 07:20

366

1 min

What’s new? The secret phrase for logging into a crypto wallet can be learned using the smartphone keyboard. This discovery was made by a German IT professional with the nickname Divinux. He published detailed instructions in the r/CryptoCurrency thread on the blogging platform Reddit.

Link to the publication

How does seed phrase selection work? When entering the first words of the seed phrase to access the crypto wallet, the predictive function of the smartphone itself picks up the remaining secret words. According to the blogger, this is due to the fact that the mobile phone stores the data in its cache and later inserted it in the right field. This vulnerability allows attackers to gain unauthorized access to the cryptocurrency wallet in case they physically take possession of the user’s phone.

The post notes that the least vulnerable was Google’s GBoard keyboard, which failed to predict the correct words in the correct order. Keyboards from Microsoft and Swiftkey, on the contrary, predicted all the words from the secret phrase.

What happened before? On April 17, MetaMask developers warned of phishing attacks on Apple iCloud. The representatives of the crypto wallet advised disabling iCloud backup for MetaMask in the device settings. And in February 2022, Samsung demonstrated a Galaxy S22 Ultra smartphone with a digital wallet that supports cryptocurrencies. The presentation took place at the virtual Unpacked 2022 event in the metaverse

Author: