File this under news that makes you go, “Huh.” In a leaked presentation, a Microsoft employee explained why Surface devices don’t have Thunderbolt ports—security. According to the engineer, Thunderbolt connections are simply too insecure. And for that matter, Surface devices also use soldered RAM in the name of security.
WalkingCat, a prolific Microsoft leakster on Twitter, leaked a portion of the video in question. In the presentation, which The Verge confirmed as genuine, the engineer explained the problem with Thunderbolt.
Surfaces don't have Thunderbolt because it's insecure 🙃 pic.twitter.com/lb7YYOOQ4Y
— WalkingCat (@h0x0d) April 25, 2020
Thunderbolt, unlike USB-C or other similar ports, is a direct memory access port. That’s necessary for transferring data at high speeds. It isn’t a feature unique to Thunderbolt, either; PCI-Express, for instance, is also a direct memory access port.
But Thunderbolt ports are far more accessible than PCI-Express. An attacker could set up a USB drive to take advantage of that fact. In what’s dubbed a Direct Memory Attack, the hacker would usually use social engineering techniques (free USB stick! with a free video game!) to trick the victim into plugging it into the device.
Once connected, the Direct Memory Attack lets the hacker bypass the device’s security entirely, giving them access to everything in memory, including any data on hand. That’s a pretty scary prospect.
Along similar lines, the engineer claims that Microsoft chooses to solder RAM to Surface devices for security. With removable RAM, a bad actor could freeze it with liquid nitrogen, remove it, and then read its contents (including BitLocker keys) with an easily obtainable reader.
While the Thunderbolt reasoning sounds plausible, the RAM reasoning isn’t as convincing. It seems the more likely driving factor is that soldering RAM helps a manufacturer create thinner devices—a selling factor in tablets and laptops.
And as The Verge points out, Microsoft built kernel-level protection for Thunderbolt 3 into Windows 10. It’s worth noting that the Surface Connector, Microsoft’s proprietary port, supports data transfer, power delivery, and video output over a single magnetically attached cable. But it doesn’t support Thunderbolt.
via The Verge