Microsoft's decision not to add Thunderbolt support to its Surface devices has been surprising and has drawn criticism. Microsoft has now released a technical presentation in which it explains that the reason is simply security. That sounds strange, to say the least: if a problem is found, the normal course is to fix it with a firmware update, whereas closing the door at the hardware level means there is no going back.
Microsoft says that Thunderbolt is not safe
Thunderbolt uses DMA (Direct Memory Access), which means that the port, and therefore the device connected to it, can read and write directly to RAM without the intervention of the operating system or the processor.
This provides great speed, but it also means that a device carrying malicious software could read any part of RAM, including very sensitive regions such as those holding BitLocker keys or other encryption keys. Similarly, malware can be installed directly in RAM to bypass the lock screen and thus access the system without a password.
Best places don't have Thunderbolt because its safe 🙃 pic.twitter.com/lb7YYOOQ4Y
– WalkingCat (@h0x0d) April 25, 2020
This may be the reason why, according to Microsoft, even Surface devices with USB-C do not have Thunderbolt.
You cannot increase the Surface RAM
According to Microsoft, this is also why all Surface devices have soldered RAM that cannot be expanded. The explanation they give is, to say the least, absurd: according to the company, an attacker can steal your Surface, freeze the RAM with liquid nitrogen to preserve its state, and place it in another system to access everything in RAM, including encryption keys.
As you can imagine, this is not a realistic scenario, not even remotely. It looks more like an illegitimate excuse so that anyone who wants a Surface with more RAM has to pay more from the start, since it cannot be expanded later.
Microsoft's excuses make no sense
As we just mentioned, the claim that Surface RAM is soldered because someone could steal your RAM and dump it with the help of nitrogen sounds like a sad excuse to make you pay more for a Surface with more RAM from the start, because it is not a realistic scenario but rather something out of a Hollywood spy movie.
Okay, we accept that these attack vectors are real, but are they something users will run into in everyday life? Not at all. If an attacker is able to physically access your PC, they have thousands of far more obvious ways to try to access your information than Thunderbolt or RAM. This "level of security" may be interesting for government computers, but not for general users.
As if that weren't enough, Microsoft itself long ago introduced protection against DMA attacks with the Windows 10 1803 update, so its explanation of why Surface doesn't have Thunderbolt loses all credibility.