We select and review products independently. When you purchase through our links we may earn a commission. Learn more.

Microsoft Surface Devices Skip Thunderbolt Ports for Security

A Microsoft Pro 7 with a red keyboard cover.

File this under news that makes you go, “Huh.” In a leaked presentation, a Microsoft employee explained why Surface devices don’t have Thunderbolt ports—security. According to the engineer, Thunderbolt connections are just too insecure. And for that matter, Surface devices use soldered RAM in the name of safety also.

WalkingCat, a prolific Microsoft leakster on Twitter, leaked a portion of the video in question. In the presentation, which The Verge confirmed as genuine, the engineer explained the problem with Thunderbolt.


Thunderbolt, unlike USB-C or other similar ports, is a direct memory access port. That’s necessary for transferring data at high speeds. It’s not a unique feature of Thunderbolt necessarily, PCI-Express is also a direct memory access port, for instance.

But Thunderbolt ports are far more accessible than PCI-Express. An attacker could set up a USB drive to take advantage of that fact. Dubbed a Direct Memory Attack, usually, the hacker would use social engineering techniques (free USB stick! with a free video game!) to trick the victim into plugging it into the device.

Once connected, the Direct Memory Attack lets the hacker bypass security on the device entirely. And they’d have access to everything in memory, including any data on hand. That’s a pretty scary prospect.

Along similar lines, the engineer claims that Microsoft chooses to solder RAM to Surface devices for security. With removable RAM, a bad actor could freeze with nitrogen, remove it, then access the contents (including BitLocker keys) with an easily obtainable reader.

While the Thunderbolt reasoning sounds plausible, the RAM reasoning isn’t as convincing. It seems the more likely driving factor is that soldering RAM helps a manufacturer create thinner devices—a selling factor in tablets and laptops.

And as The Verge points out, Microsoft built kernel-level protection for Thunderbolt 3 into Windows 10. It’s worth noting that the Surface Connector, Microsoft’s proprietary port, supports data transfers, power delivery, and video support on a single magnetically attached cable. But it doesn’t support Thunderbolt.

via The Verge

Josh Hendrickson Josh Hendrickson
Josh Hendrickson is the Editor in Chief of Review Geek and is responsible for the site's content direction. He has worked in IT for nearly a decade, including four years spent repairing and servicing computers for Microsoft. He’s also a smart home enthusiast who built his own smart mirror with just a frame, some electronics, a Raspberry Pi, and open-source code. Read Full Bio »