Microsoft reveals why there is no Thunderbolt 3 support, it's insecure

Ink (Administrator, thread author)
Jan 8, 2011
Microsoft came very late to the party when it came to adding USB-C to their range of Surface laptops and PCs, and when it did eventually arrive, Microsoft disappointed many due to the ports not supporting Thunderbolt, which offers much faster data speeds and which is overall more versatile.

Now the reason for this somewhat strange choice has been revealed in a Microsoft presentation, which explains that it is all about security.
Thunderbolt uses DMA (Direct Memory Access), which means the port can read and write directly to your device's RAM without the OS or processor being involved. This offers great speed, but also means a malicious device could read any part of your RAM at will, including important items such as your BitLocker key and other encryption keys, or even inject malware which allows hackers to bypass the lock screen.

It is for the same reason, according to a Microsoft presenter, that all Surface products have soldered RAM, as attackers could use liquid nitrogen to preserve the state of a RAM chip without power, move the chip to an external RAM reader, and then get full unprotected access to your RAM, including encryption keys.

WalkingCat found the video presentation [Video on Twitter]

Interestingly, Microsoft did introduce Kernel DMA Protection to protect PCs against drive-by Direct Memory Access (DMA) attacks using PCI hotplug devices connected to Thunderbolt 3 ports with Windows 10 1803, meaning Microsoft will hopefully someday release a Surface with Thunderbolt 3.
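For readers who want to verify the Kernel DMA Protection mentioned above on their own machines, here is an added defender-side check script. It is not code from the thread, from Microsoft, or from the Surface presentation. It assumes that msinfo32 /report writes a tab-separated text report containing a "Kernel DMA Protection" line (Windows 10 1803 or later), and that the two registry paths and value meanings in the comments are where the corresponding Group Policy settings (the Kernel DMA Protection enumeration policy and the BitLocker "disable new DMA devices when this computer is locked" policy) are stored; verify both against your own build before relying on them.

```powershell
# Added example (not from the thread or from Microsoft): report whether this
# Windows host has Kernel DMA Protection active and whether the two DMA-related
# policies are configured. Run from an elevated PowerShell session.
#
# Assumptions, to be verified on your build:
#  - msinfo32 /report writes a text report with a "Kernel DMA Protection" row.
#  - The registry paths below are where the Group Policy settings are stored.

function Get-KernelDmaProtectionStatus {
    $report = Join-Path $env:TEMP ('kdma-{0}.txt' -f [guid]::NewGuid())
    # msinfo32 returns immediately unless we wait for the process to exit
    Start-Process -FilePath 'msinfo32.exe' -ArgumentList "/report `"$report`"" -Wait
    try {
        $line = Get-Content -Path $report -ErrorAction Stop |
                Where-Object { $_ -match '^\s*Kernel DMA Protection\s' }
    } finally {
        Remove-Item -Path $report -ErrorAction SilentlyContinue
    }
    if (-not $line) {
        return 'Not reported (pre-1803 Windows, or firmware without DMA remapping support)'
    }
    # Report rows are "Item<tab>Value"; keep only the value column
    return (($line | Select-Object -First 1) -split '\t+')[-1].Trim()
}

function Get-DmaPolicyState {
    $policies = @(
        [pscustomobject]@{
            Setting = 'Kernel DMA Protection: enumeration policy for incompatible devices'
            Path    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Kernel DMA Protection'
            Value   = 'DeviceEnumerationPolicy'    # assumed: 0 block, 1 allow after unlock, 2 allow all
        },
        [pscustomobject]@{
            Setting = 'BitLocker: disable new DMA devices while the machine is locked'
            Path    = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
            Value   = 'DisableExternalDMAUnderLock'  # assumed: 1 = enabled
        }
    )
    foreach ($p in $policies) {
        $item = Get-ItemProperty -Path $p.Path -Name $p.Value -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Setting    = $p.Setting
            Configured = [bool]$item
            Value      = if ($item) { $item.($p.Value) } else { 'not set (OS default applies)' }
        }
    }
}

# Usage
"Kernel DMA Protection: $(Get-KernelDmaProtectionStatus)"
Get-DmaPolicyState | Format-Table -AutoSize
```

The msinfo32 value is the one that matters for the drive-by scenario the post describes: when it reads "Off" on a Thunderbolt-equipped machine, the IOMMU is not being used to fence hot-plugged devices, and the BitLocker policy is the fallback that at least blocks new DMA devices while the screen is locked.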

Digerati (Level 7)
Mar 2, 2017
Those are valid excuses, but they feel like pretty lame excuses too - especially for the RAM part.

Soldered RAM does indeed prevent a bad guy from preserving the data in liquid nitrogen, then retrieving that data with a special reader. But that assumes the bad guy obtained physical possession of your computer just when you last used it for classified/sensitive tasks, and you didn't perform a complete power-off shutdown of the computer. And obviously, if a bad guy has physical access to your computer, you have much greater security issues to deal with.

Soldered RAM is commonly used (by many manufacturers - not just MS) because when there is no need to use a socket, it saves money, it saves space and it saves weight - desired goals/features for both the consumer and the manufacturer.

Thunderbolt does indeed have some security issues, but again, physical access to the device must be obtained by the bad guy to exploit those vulnerabilities. Also, and I confess I am not 100% certain about this, but I think there are or were some licensing issues with Thunderbolt, costs that again would have been passed down to the consumer. This is because Thunderbolt was developed in a joint venture between Intel and Apple - and we all know how generous and liberal Apple is with sharing their proprietary property rights.

So the article asks if Microsoft is being overly paranoid? I say, "no" with two observations. (1) Microsoft's marketing weenies should have been more upfront with the primary reasons instead of trying to "spin" the reasons with the security card. And (2) I feel there's a "hidden agenda" in the article and the author is trying to, once again, stir up anti-Microsoft sentiment as surely Microsoft is not the first to use soldered RAM (or soldered CPUs and GPUs) and not include Thunderbolt.

I wonder how many prospective buyers are demanding Thunderbolt? And if the lack of Thunderbolt is a show-stopper?

Thunderbolt 4 arrives in 2020, but USB will remain the king of PC ports.

MacDefender (Level 16)
Oct 13, 2019
> Those are valid excuses, but they feel like pretty lame excuses too - especially for the RAM part.

It's super lame, more than just lame. Kernel DMA protection is one answer to this problem. Also, many Thunderbolt 3 accessories like displays do not require DMA at all, but enable you to access 5K and 6K display panels due to the additional bandwidth over USB-C.

Plus, I see Microsoft Surface as a competitor to Apple -- an attempt for Microsoft to vertically integrate from hardware to OS. Why not work with Intel and other vendors to define the level of DMA protection you would like? It is possible through IOMMUs and related hardware technologies to impose restrictions and not allow unfettered DMA to arbitrary system memory.