A new leak has provided some insight into why Microsoft’s Surface lineup doesn’t feature Thunderbolt 3 ports. The reasoning comes down to security concerns, according to an internal Surface engineering webinar posted by Walking Cat on Twitter.
Surfaces don't have Thunderbolt because it's insecure 🙃 pic.twitter.com/lb7YYOOQ4Y
— WalkingCat (@h0x0d) April 25, 2020
Per the employee speaking in the video, Microsoft’s Surface lineup doesn’t feature Intel’s Thunderbolt technology because “that’s indirect memory access.” The vulnerability to a direct memory access attack has always been present with Thunderbolt technology, but Microsoft remains the only manufacturer refusing to use it.
The employee also explains how someone with bad intentions, extensive hacking knowledge, and the right tools can use the technology and the port to access data stored on a device.
“If you have a well-prepared stick, you can put into the direct memory access port, then you can access the full device in memory and all data that are stored in memory. We don’t believe at this moment that Thunderbolt can deliver the security that is really needed from the devices,” says the employee.
The authenticity of the video is questionable, but The Verge reports that it was able to verify that it is genuine. The Microsoft employee speaking in the video is apparently based in the Netherlands and has worked with the company for 10 years. Microsoft has not commented on the video yet.
Microsoft’s Surface devices are among the only premium laptops and 2-in-1s to not include Thunderbolt 3. Other manufacturers like HP, Dell, Apple, and Lenovo have opted to include the port, which allows for fast data transfer rates, charging of smartphones, and support for external GPUs.
Despite the benefits, there are indeed risks. In 2019, security researchers disclosed a vulnerability similar to the one that Microsoft discussed in the leaked video. Microsoft, though, has a new feature called Kernel DMA Protection, built into the system and Windows 10, which can prevent this at certain levels. Apple also has a T2 security chip in its MacBooks and Mac devices, which secures Touch ID data and storage and enables secure boot.
Besides Thunderbolt 3, the leaked video also discusses why Microsoft doesn’t allow users to upgrade the RAM in Surface devices. This is also apparently a security threat, according to Microsoft.
The video explains that with the right tools, someone with bad intentions can access data and contents of a device by “freezing the memory with liquid nitrogen, get the memory out, and then put it in a specific reader to access all data stored in the memory.” Of course, this is not easily done, but it does explain why users can’t upgrade their Surface devices.