Leaked Microsoft video shows why Surface PCs don't support Thunderbolt

News
By last updated

According to a leaked video from Microsoft, Surface devices don't support Thunderbolt because it's insecure.

Surface Laptop 3
Surface Laptop 3 (Image credit: Windows Central)

What you need to know

  • Surface devices don't support Thunderbolt because it's insecure, according to a new video.
  • The video also explains that the Surface Laptop 3's RAM isn't user-upgradeable due to security reasons.
  • Many Surface devices have USB-C ports but do not support Thunderbolt.

While Thunderbolt 3 allows quick connections to devices, it has a direct memory access port. The video explains that an attacker with a specific type of memory stick could use that port to gain access to a device's data. Windows 10 wouldn't be able to stop such an attack because of the direct access Thunderbolt provides. The presenter in the video states,

So we don't believe, at this moment, that Thunderbolt can deliver the security that's really needed from the devices. That's why we've opted to integrate USB-C and USB 3 on our devices but have not integrated Thunderbolt on our devices.

The presenter also explains that Microsoft opted against removeable RAM on the Surface Laptop 3 because someone could freeze the memory with liquid nitrogen and read the memory with a specific reader. The presenter states,

If you would be able to physically take out the memory, what you can easily do as well is freeze the memory with liquid nitrogen, get the memory out, then put it in a specific reader.

Even though Microsoft's first-party Surface line doesn't support Thunderbolt, Microsoft has made efforts to make devices that use it more secure. MSPowerusser points out that Windows 10 gained kernel Direct Memory Access (KDP) for Thunderbolt 3 in Windows 10 version 1803. Windows 10 Secure-core PCs can use KDP to stop firmware attacks and ransomware attacks that go after data in the kernel of Windows 10.

Several OEMs utilize Thunderbolt while running Windows 10, including Dell, HP, Razer, and Lenovo, so some companies must feel the security concerns are not severe enough to leave it off devices. Some of Apple's devices running macOS support Thunderbolt, but they notably have Apple's T2 chip, which protects systems. Black Hat explains how the T2 chip secures devices from Thunderbolt-related attacks in an extensive video.

Sean Endicott
Sean Endicott
News Writer and apps editor

Sean Endicott is a news writer and apps editor for Windows Central with 11+ years of experience. A Nottingham Trent journalism graduate, Sean has covered the industry’s arc from the Lumia era to the launch of Windows 11 and generative AI. Having started at Thrifter, he uses his expertise in price tracking to help readers find genuine hardware value.

Beyond tech news, Sean is a UK sports media pioneer. In 2017, he became one of the first to stream via smartphone and is an expert in AP Capture systems. A tech-forward coach, he was named 2024 BAFA Youth Coach of the Year. He is focused on using technology—from AI to Clipchamp—to gain a practical edge.