Microsoft’s Surface devices are capable workhorses, but there’s a few oversights that users have been complaining about, which include the lack of Thunderbolt USB-C ports and RAM that’s soldered to the motherboard. A recent presentation spotted by WalkingCat (via MSPoweruser) has revealed why – apparently, both of these design choices were made for security purposes.
Surfaces don't have Thunderbolt because its insecure 🙃 pic.twitter.com/lb7YYOOQ4Y
— WalkingCat (@h0x0d) April 25, 2020
“Thunderbolt uses DMA (Direct Memory Access) which means the port can read and write directly to your device’s RAM without the OS or processor being involved,” explained MSPoweruser. “This offers great speed, but also means a malicious device could read any part of your RAM at will, including important items such as your Bitlocker key and other encryption keys, or even inject malware which allows hackers to bypass the lock screen.”
Likewise, Microsoft opted for soldered RAM to eliminate an attack vector granting full access to a Surface device’s memory. According to the presentation, a malicious individual could use liquid nitrogen to preserve the state of a RAM chip, allowing it to be removed, read on an external reader, and exploited.
While security is always paramount, Surface users aren’t completely satisfied with Microsoft’s reasoning, as both of these scenarios would require physical access to the machine. There’s a possibility that the company is actually prepping the Surface brand for government use.