A screenshot of a reported Surface Pro 8 leak. This device reportedly includes Thunderbolt, a technology Microsoft has shied away from. (via @Shadow_Leak)
For years, the biggest knock one could carry against Microsoft’s many Surface devices—which have become hugely popular, especially within businesses—has been the lack of Thunderbolt support.
Reviewers who otherwise loved the machines complained about the fact that Microsoft was offering these extremely high-end devices (particularly the Surface Book, which sold in some configurations for $3,000 or more) without any access to Thunderbolt ports, which all of their Intel-based competitors in the price range offered. (AMD has yet to support Thunderbolt for technical and business reasons, though this is expected to change soon.)
This was a huge downside for professional users, because it closed off access to high-end accessories like external GPUs, specialized audio equipment, or docks capable of connecting numerous monitors at once.
That is rumored to be changing this week with the release of the Surface Pro 8, expected on Wednesday, according to a prominent leaker. Finally.
Examples of what Thunderbolt ports looked like on earlier MacBooks. Current variations use USB-C. (Kārlis Dambrāns/Flickr)
But it’s worth looking back at why this took so long in the first place. Thunderbolt was a technology that nearly all of its big-name Windows OEMs had already embraced in their high-end laptops, making Microsoft’s refusal to support it was a bit quizzical. But last year, a popular Twitter leaker whose account has now been suspended shared the details of a presentation that claimed that Thunderbolt could be exploited directly via a certain kind of memory stick. This unusual revelation—especially given that, yes, basically all of Microsoft’s partners offered Thunderbolt on their Intel laptops—seemed validated just a week or two later when a new type of attack that worked in a very similar way, called Thunderspy, emerged from the security community.
In some ways, the nature of the exploit represented something out of spy novels: "All the evil maid needs to do is unscrew the backplate, attach a device momentarily, reprogram the firmware, reattach the backplate, and the evil maid gets full access to the laptop," researcher Björn Ruytenberg said of the attack.
Just one problem: For 99.99 percent of people, this kind of attack is purely theoretical. It cannot be scaled, and it would take time to do. You couldn’t just start randomly sticking things into Thunderbolt ports and hoping you got a positive hit—the user would have to physically be separated from their laptop for a significant period of time, and the user would have to know the exploit was possible on the laptop. But the problem is that Microsoft and other companies make a lot of money off of the 0.01 percent of people who might be at risk of such an attack, those people being enterprise customers, especially in government or the corporate world.
The Surface Book, infamously, did not have Thunderbolt despite being one of the most powerful laptops on the market. (Tinh tế Photo/Flickr)
Apparently Microsoft did the math and decided that it made more sense to not include the port for everyone despite this realistically being a risk for only a small portion of its users, and despite the fact that it led some of its potential customers into the arms of other companies—most notably Apple, which has made Thunderbolt a centerpiece of its products for a decade now. (That security mechanism I always complain about likely keeps Thunderbolt protected from these attacks, FWIW.)
On the plus side, Intel has done a ton of work to fix this issue on their end by implementing a technology called Kernel Direct Memory Access Protection, which prevents drive-by attacks of this nature, though it’s not incredibly common at this juncture. One would assume that the existence of this technology and its growing uptake made Microsoft comfortable with finally putting Thunderbolt on its machines.
(Fun fact: These types of attacks are also possible with PCIe ports, meaning that you could theoretically open desktops and put in expansion cards to attack them, far easier to do in many cases than with laptops!)
All in all, I’m glad to see that Microsoft is finally embracing a technology that was really holding them back, and that their security apparatus reached a point where they felt comfortable with it.
Enjoy using an eGPU on your Surface, freaks.
Time limit given ⏲: 30 minutes
Time left on clock ⏲: 28 seconds
