News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Microsoft : TB3 is insecure as is Expendable RAM

    Posted on Alex5723 Comment on the AskWoody Lounge

    Home Forums Code Red – Security/Privacy advisories Microsoft : TB3 is insecure as is Expendable RAM

    • This topic has 3 replies, 2 voices, and was last updated 2 months ago by anonymous.
    Viewing 3 reply threads
    • Author
      • #2259457 Reply
        AskWoody Plus

        Microsoft explains why it is the only OEM that doesn’t use TB3 port and expandable RAM in Surface PCs.
        Thunderbolt 3 is insecure while you can can freeze the RAM in liquid nitrogen and put it in a reader to access data like BitLocker recovery keys.

      • #2259556 Reply
        AskWoody Lounger

        … yeah, I’m fairly sure both of those actual issues were mentioned before.

        There are some Thunderbolt 3 mitigations possible, even the least of these required using fancy stuff in UEFI that’s technically noncompliant with the relevant standards… and some devices have a firmware setup option to downgrade the TB3/USB-C connector to regular USB-C.

        And depending on the specific RAM and how far you’re moving it, might not require the LN either. This is why on a laptop you use (encrypted!) hibernate instead of sleep mode, when taking it out of secure areas.

        (The RAM trick was even easier in the old days… back in the FPM/EDO era, two plain old saline-filled freezerpacks and some styrofoam could let you move data on RAM modules between labs in the same building. At least on some models of RAM chip… the lab guys in that workplace used to have a list of what worked reliably)

      • #2259570 Reply

        Microsoft didn’t put in expandable RAM because it increases the build cost and makes it more difficult to charge a premium for extra RAM.

        Thunderbolt likely had more to do with the cost of the patent license than security.  Microsoft doesn’t have a track record of worrying overmuch about their customer’s security, or even what their customers want (as opposed to what Microsoft wants.)

      • #2259616 Reply

        Didn’t Apple address that issue with their T2 security chip? (And if I recall correctly, that was one of the reasons why they didn’t trust Intel to make those chips… they needed to know exactly what was going into those vital chips)

        And if Microsoft really cared about security, they wouldn’t force people to pay for Pro just to get Bitlocker. Especially when Apple and Google make device encryption available to everyone for no additional cost these days.

    Viewing 3 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Microsoft : TB3 is insecure as is Expendable RAM

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.