No Thunderbolt on the Surfaces: Microsoft Invokes the Security Argument


Valid reason or false excuse?

Elegant, high-performance products from the Surface range are generally appreciated despite some weaknesses.

Among them are the impossibility of replacing the RAM and the absence of Thunderbolt 3 connectors, which are widespread among competitors.

These are two shortcomings that Microsoft justifies by its desire to offer the most secure devices possible.

In a presentation unveiled at an online event, Microsoft tries to justify the surprising absence of USB-C Thunderbolt 3 connectors on the various devices of its prestigious Surface range, and the (much more conventional) presence of RAM soldered to the motherboard.

According to the Redmond giant, the Thunderbolt 3 transfer protocol is simply not secure enough. As for the RAM, it could fall victim to a liquid nitrogen attack if it were not soldered to the motherboard.


Microsoft’s main argument for why its Surface products do not offer any Thunderbolt 3 connection (despite the presence of USB-C ports) is the direct access to RAM that DMA (Direct Memory Access) relies on.

To allow such fast data transfers, Thunderbolt 3 uses DMA to access RAM directly, without having to go through the OS or the processor.

It is an effective method, but one that carries a risk. If your device is stolen, it is possible to use Thunderbolt 3 ports to bypass the lock screen, inject malware, or obtain certain confidential data, such as BitLocker keys.

Microsoft’s logic with respect to soldered RAM is much the same. If your device is stolen from you, the ability to separate the RAM from the PC can be turned against you. However, the argument seems a little less convincing.

Microsoft explains that to do this, malicious people would have to use liquid nitrogen to “freeze” the state of the RAM without power, before detaching it to read it with an external RAM reader. In theory, many manipulations are then possible.


While Microsoft’s arguments are admissible (these hacking methods exist and are possible), they are only relevant if the device is used without the owner’s knowledge.

It could then be argued that there is a whole suite of methods other than hijacking DMA or reading nitrogen-frozen RAM to obtain access to important files, on a stolen device for example.

Interestingly, Microsoft seems to be preparing a solution that would allow it to add a Thunderbolt 3 port to future Surface products… and without compromising security.

MSPowerUser points out that the group has recently introduced a new feature called Kernel DMA Protection. Deployed with Windows 10 version 1803, it aims precisely at protecting the PC from attacks that use DMA.