File this under news that makes you go, "Huh." In a leaked presentation, a Microsoft employee explained why Surface devices don't have Thunderbolt ports: security. According to the engineer, Thunderbolt connections are simply too insecure. And by the way, Surface devices also use soldered RAM in the name of security.
WalkingCat, a prolific Microsoft leaker on Twitter, leaked part of the video in question. In the presentation, which The Verge confirmed as genuine, the engineer explained the problem with Thunderbolt.
Surfaces don't have Thunderbolt because it's unsafe 🙃 pic.twitter.com/lb7YYOOQ4Y
- WalkingCat (@h0x0d) April 25, 2020
Thunderbolt is, unlike USB-C or other similar ports, a direct memory access port. This is necessary to transfer data at high speeds. It is not a feature unique to Thunderbolt; PCI-Express, for example, is also a direct memory access port.
But Thunderbolt ports are much more accessible than PCI-Express. An attacker can prepare a USB drive to take advantage of this. In what is dubbed a Direct Memory Attack, the hacker usually uses social engineering techniques (free USB stick! With a free video game!) to trick the victim into connecting it to the device.
Once connected, the Direct Memory Attack allows the hacker to completely bypass security on the device. And they have access to everything in memory, including all available data. That's a pretty terrifying prospect.
Along the same lines, the engineer claims that Microsoft chooses to solder RAM to Surface devices for security. With removable RAM, a bad actor can freeze it with nitrogen, remove it, and then access its contents (including BitLocker keys) with a readily available reader.
Although the Thunderbolt reasoning sounds plausible, the RAM reasoning is not so convincing. It seems more likely that the driving factor is that soldered RAM helps a manufacturer make thinner devices – a selling point for tablets and laptops.
And as The Verge notes, Microsoft has kernel-level protection for Thunderbolt 3 built into Windows 10. It's worth noting that the Surface Connector, Microsoft's proprietary port, supports data transfer, power and video over a single magnetically attached cable. But it doesn't support Thunderbolt.
via The Verge