Why I hacked myself

Next story

Jake Moore, ESET IT Security Specialist, explains why he had to hack himself to regain access to one of his accounts, all because he forgot his password.

Hands up who's forgotten a password before! Surely it's one of those trusty few passwords we always use, right? The cats name, your child’s date of birth, 'Password.1'? Well you can just reset it, oh no wait - this one is still connected to that unused Hotmail email address you stopped using years ago.

Sound familiar? But what happens if you lose the password to your encrypted iPhone backup and you need to restore the damn thing? Well this is exactly what happened to me.

I went to do a typically mundane iOS update on my iPhone recently and, as per usual, I did a quick backup through iTunes on my desktop PC at home before I started.

However, halfway through the update, my phone crashed and became a very expensive brick in no time. I left it and left it but nothing was playing ball. Eventually, the phone decided to revert back to the dreaded factory settings, wiping all personal data on the device.

No contacts, photos, data, nothing. But my shock and horror was short lived! Luckily I had that trusty valuable backup I had done one hour earlier, or so I thought…



I plugged in my phone and hit restore from backup on this machine. Now this is where it happened - it asked me for my iPhone backup password (encrypted restore passwords are only required if want to backup data such as the heart app or 2FA authenticator apps for example).

I thought I knew this password. Well this is where panic struck, it transpires I did NOT know my password! It would not accept any password, nothing that I thought it could have been!

All of my online passwords are randomly generated in a password manager, but for some reason, I had not input this one, and now it's asking for it… panic!

So then it dawns on me – I was going to have to try and crack the password to my own device.

I immediately turned to some brute force software that I trust, pointed it at the encrypted file and ran it. Wanting to blame anyone but myself, I went to bed, in a mood, muttering, "How can Apple allow this?"


Brute Force

Eventually, after a night of attempting a brute force attack on this backup, it located an eight-character password I had originally used in 2010. I went back to iTunes, typed it in and bingo! Everything was restored back on my phone, the panic was over and thankfully nothing was lost.

So the moral of the story is: always make backups of your data and remember to record the password. Use a password manager - otherwise you may have to hack yourself like I did, which can be painful, time consuming and very, very irritating!

Have you ever forgotten an extremely important password like Jake did? Let us know on Twitter @ESETUK.

Did you know that ESET Smart Security Premium comes with a built-in Password Manager? It makes managing and creating secure and unique passwords a breeze, click the link to find out more.