What you need to know
- Surface devices don't support Thunderbolt because it's insecure, according to a new video.
- The video also explains that the Surface Laptop 3's RAM isn't user-upgradeable due to security reasons.
- Many Surface devices have USB-C ports but do not support Thunderbolt.
A leaked video with an unnamed Microsoft employee explains that Surface devices don't support Thunderbolt because the technology is insecure (via ZDNet). The video emerged thanks to well-known leaker WalkingCat sharing it on Twitter over the weekend. While new Surface devices have USB-C ports and support USB 3, they do not support Thunderbolt.
While Thunderbolt 3 allows quick connections to devices, it has a direct memory access port. The video explains that an attacker with a specific type of memory stick could use that port to gain access to a device's data. Windows 10 wouldn't be able to stop such an attack because of the direct access Thunderbolt provides. The presenter in the video states,
So we don't believe, at this moment, that Thunderbolt can deliver the security that's really needed from the devices. That's why we've opted to integrate USB-C and USB 3 on our devices but have not integrated Thunderbolt on our devices.
The presenter also explains that Microsoft opted against removeable RAM on the Surface Laptop 3 because someone could freeze the memory with liquid nitrogen and read the memory with a specific reader. The presenter states,
If you would be able to physically take out the memory, what you can easily do as well is freeze the memory with liquid nitrogen, get the memory out, then put it in a specific reader.
Even though Microsoft's first-party Surface line doesn't support Thunderbolt, Microsoft has made efforts to make devices that use it more secure. MSPowerusser points out that Windows 10 gained kernel Direct Memory Access (KDP) for Thunderbolt 3 in Windows 10 version 1803. Windows 10 Secure-core PCs can use KDP to stop firmware attacks and ransomware attacks that go after data in the kernel of Windows 10.
Several OEMs utilize Thunderbolt while running Windows 10, including Dell, HP, Razer, and Lenovo, so some companies must feel the security concerns are not severe enough to leave it off devices. Some of Apple's devices running macOS support Thunderbolt, but they notably have Apple's T2 chip, which protects systems. Black Hat explains how the T2 chip secures devices from Thunderbolt-related attacks in an extensive video.