Trojan horse terminals

[Dave Emery]

	Many modern CRT's include EEPROM or battery backed up CMOS ram
to store configuration information, function key strings and the like.
Almost all use some common microprocessor as a controller increasingly
often running out of cheap socketed EPROMs.

	These components make a sinister combination in the hands of the
wrong person.  It should not be difficult to hack the terminal firmware
to recognize login sequences and the like and quietly save a copy
of the username/password pair in EEPROM or backup ram. 
And a more diabolical hacker could make the terminal appear to
die a few hours after it captured the root password so it would get shipped
back to be repaired (or swapped with another from a less secure area) where
it could be read out.

	Are you sure the terminals you use haven't been tampered with ?

	Programming micros isn't all that difficult, EPROM programmers are
increasingly common and available, and disassembly tools and debuggers
are available for most micros. In some academic settings such hacking used 
to be common. (Perhaps I'm just getting old and the current generation 
doesn't do such things any more).  In any case in business settings where
almost everyone has a terminal on his desk that is more or less
exactly the same as everyone elses this does represent a means of
breaking into a system.

          David I. Emery    Charles River Data Systems   617-626-1102
          983 Concord St., Framingham, MA 01701.
	  uucp: decvax!frog!die