
Microsoft might have been right to skip Thunderbolt 3 (again) on the new Surface Book 3

Started by Redaktion, May 11, 2020, 15:00:15


Redaktion

Microsoft has been copping it for bypassing Intel's Thunderbolt ultra-high-speed I/O once again on the new Surface Book 3. However, it appears that its recently revealed security concerns about the technology and how it interfaces with Windows may appear to vindicate its decision.

https://www.notebookcheck.net/Microsoft-might-have-been-right-to-skip-Thunderbolt-3-again-on-the-new-Surface-Book-3.464769.0.html

King

But this is fixed on post-2019 laptops, correct? Is there a reason why MS can't implement the fix, whatever the fix is, on their 2020 device??

t4n0n

I'm sorry, but I've seen this story carried elsewhere on consumer tech sites and a lot of it seems hopelessly naïve.

Like for example the idea attackers could steal your information, even from encrypted files, using this exploit. How, exactly? Unless this has fundamentally changed cryptography as we know it, encryption still renders files unreadable.

I suspect the actual idea here is that an attacker could read the decrypted contents of an encrypted file on disk, that has been opened and is therefore present in memory (through Thunderbolt's DMA) but this, of course, relies on the file being open in the event anyway, at which point, you're only so many steps away from seeing it on the screen.

Is this totally irrelevant?

No, of course not, for security professionals, organisations that require high degrees of information confidence and even just security conscious individuals.

Does it justify removing the capability from a primarily consumer facing device, especially when every other competing device on the market has somehow managed to implement it, without any significant incident? No, obviously not.

DF

It bypasses encryption like bitlocker because the unencrypt codes sit in memory and thus can be swiped rendering the files unencryptable.

Only partial fixes for any current machine - no full protection.  Yes MS will probably implement some partial resistance at some point but the fundamentals of the flaw are hardware and not tracked by software controls (invisible to any software methods).

Spells additional trouble for chips where TB is built into the CPU.

_MT_

Quote from: t4n0n on May 11, 2020, 19:16:37
I'm sorry, but I've seen this story carried elsewhere on consumer tech sites and a lot of it seems hopelessly naïve.

Like for example the idea attackers could steal your information, even from encrypted files, using this exploit. How, exactly? Unless this has fundamentally changed cryptography as we know it, encryption still renders files unreadable.

I suspect the actual idea here is that an attacker could read the decrypted contents of an encrypted file on disk, that has been opened and is therefore present in memory (through Thunderbolt's DMA) but this, of course, relies on the file being open in the event anyway, at which point, you're only so many steps away from seeing it on the screen.
Well, you seem to be naive. You're not trying to steal files from RAM, you're trying to steal keys which then allow you to decrypt files. Disk encryption is primarily designed to protect data at rest. Not in use. Standard sleep is not really rest. It's partially on. Not to mention modern stand-by. And spoiler alert, there are attacks even for fully powered down devices. When attacking encryption, it's usually not the mathematics you're targeting. That part tends to be very solid. It's the implementation, the technicalities that are weak. For example, in full disk encryption, you need a key to boot a system. Usually, authentication is happening after boot. That is a very obvious complication in an otherwise good idea to encrypt the whole thing.

Daniel Ridenhour

Possible exploit for sleeping or locked units... if you have hundreds of dollars in specialized hardware. Doesn't apply to me at all... not having TB3 so I can use the same docks and equipment no matter what machine I happen to be carrying removes the entire Surface line from consideration. I'm sure someone who has invested heavily in the Surface lineup and wants form over function in all instances will prefer things the way they are. More power to them. But I'll continue to pass.

_MT_

Quote from: King on May 11, 2020, 18:33:38
But this is fixed on post-2019 laptops, correct? Is there a reason why MS can't implement the fix, whatever the fix is, on their 2020 device??
No, the fix is only partial. A full fix should require hardware mitigation not yet available (Intel is planning further mitigation in future hardware). Also, it requires BIOS support. Even among newly released laptops, not all are expected to offer this feature (indeed it seems few do). Not to mention there are known compatibility issues (it requires driver support). So, your hardware might stop working. And it might turn out down the road that this mitigation isn't invulnerable itself. It's not the first attempt at securing Thunderbolt. They might find a way to circumvent it. That's how it goes in security. It's an endless battle. The only sure way to prevent misuse is to not have it in the first place. Direct memory access is very powerful and therefore desirable. Not that I'm buying Microsoft's story that they omitted TB3 out of security concerns. It's just a basic principle. It's called reducing attack surface. You can't attack what's not there. I'm sure the glued case on the Laptop was also a security feature - tamper evident. ;-)

Philip Darcy Street

I read your article and reasoning for providing an excuse. Not having ANY Thunderbolt 3 ports on any Surface product limits it. I bought a Surface Book 2 and it was a very expensive purchase. As a Registered Professional Architect in BC, Canada, I would like to say this! Microsoft, the products without a Thunderbolt port limit the functionality of the computer system you sell to everyone. If and only if you put a Thunderbolt port on them, I would have given my professional recommendation that your products WITH A THUNDERBOLT PORT are the BEST, i.e. the number one product to buy. SINCE MICROSOFT DOES NOT LISTEN TO CONSUMERS OR WANT TO FOLLOW CURRENT STANDARDS, I can only say buyer beware and would rate their products far from the top, ranking them 4th overall with other brands that have Thunderbolt ports!

123

The real problem here is lack of memory encryption. If Intel CPUs encrypted RAM, a plethora of attacks would be simply impossible to conduct. AMD CPUs do encrypt RAM but RAM encryption can be turned off - not good enough since UEFI firmware is one of the weaker links that can be manipulated by attacker.

Thinkpad Fan

This isn't even a concern if you have a proper business machine and just enable chassis intrusion detection. The second the bottom cover is removed, the machine will power off and the memory will go blank. Looks like the bad actor can't hack any competently configured devices.

slyh

Quote from: Thinkpad Fan on May 12, 2020, 04:52:44
This isn't even a concern if you have a proper business machine and just enable chassis intrusion detection. The second the bottom cover is removed, the machine will power off and the memory will go blank. Looks like the bad actor can't hack any competently configured devices.
The chassis is opened to re-programme the SPI flash chip. Once it's done, the secure level of the thunderbolt controller will be set to zero thus allowing DMA attack.

Most of the FDE deployments use BitLocker without pre-boot authentication. Therefore, even if the machine is powered off during the modification, the attacker can just boot up the machine, bypass the login and obtain any encrypted files.
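A defender's check for the two conditions raised in slyh's post above and in _MT_'s earlier reply (BitLocker running with a TPM-only protector, i.e. no pre-boot authentication, and whether the platform reports the IOMMU-based DMA protection that Windows' Kernel DMA Protection depends on). This is an added example, not code from the thread or from Notebookcheck; it uses the standard BitLocker module and the Win32_DeviceGuard WMI class, and the mapping of AvailableSecurityProperties value 3 to "DMA protection", the function name and the risk notes are the example's own assumptions.

```powershell
# Added example, not from the thread: audit a Windows machine for the two
# conditions discussed above. Run from an elevated PowerShell on Windows 10/11.
function Test-DmaExposure {
    $report = @()

    # 1. BitLocker protectors: a volume whose only TPM protector is plain 'Tpm'
    #    has no pre-boot authentication, so the OS boots to the lock screen with
    #    the volume key already in RAM (slyh's scenario).
    foreach ($v in Get-BitLockerVolume) {
        $types = @($v.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        $preBoot = ($types -contains 'TpmPin') -or
                   ($types -contains 'TpmStartupKey') -or
                   ($types -contains 'TpmPinStartupKey')
        $note = if ($v.ProtectionStatus -ne 'On') {
                    'BitLocker protection is off'
                } elseif (-not $preBoot) {
                    'TPM-only: volume key released at boot; add a TpmPin protector'
                } else {
                    'Pre-boot authentication present'
                }
        $report += [pscustomobject]@{
            Check  = "BitLocker $($v.MountPoint)"
            Detail = ($types -join ',')
            Ok     = ($v.ProtectionStatus -eq 'On' -and $preBoot)
            Note   = $note
        }
    }

    # 2. IOMMU-based DMA protection: Win32_DeviceGuard lists value 3 in
    #    AvailableSecurityProperties when DMA protection is available (assumed
    #    mapping from the class documentation). This is the hardware/BIOS
    #    prerequisite for Kernel DMA Protection that _MT_ refers to; confirm
    #    the final status in msinfo32 under "Kernel DMA Protection".
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
    $props = @($dg.AvailableSecurityProperties)
    $iommu = $props -contains 3
    $report += [pscustomobject]@{
        Check  = 'IOMMU DMA protection available'
        Detail = ($props -join ',')
        Ok     = $iommu
        Note   = $(if ($iommu) { 'Platform supports DMA remapping' }
                   else { 'No IOMMU reported: Kernel DMA Protection cannot be enabled' })
    }

    $report
}

Test-DmaExposure | Format-Table -AutoSize
```

Any row with Ok = False is a machine where the chain slyh describes (boot to lock screen, then DMA) has not been broken by configuration.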

123

Quote from: Thinkpad Fan on May 12, 2020, 04:52:44
This isn't even a concern if you have a proper business machine and just enable chassis intrusion detection. The second the bottom cover is removed, the machine will power off and the memory will go blank. Looks like the bad actor can't hack any competently configured devices.
Defeating physical tamper protection switches is easy for a skilled attacker. Worst case scenario, bad actor will cut the chassis around the switches - they most likely need not reassemble the machine after they're done extracting data from it.

Mike Dyer

Sounds more like a Microsoft software issue to me. If it's not a problem for Macs, Microsoft needs to sort themselves out.

_MT_

Quote from: Thinkpad Fan on May 12, 2020, 04:52:44
This isn't even a concern if you have a proper business machine and just enable chassis intrusion detection. The second the bottom cover is removed, the machine will power off and the memory will go blank. Looks like the bad actor can't hack any competently configured devices.
Unless you actually actively scramble the memory, it's going to take time for the modules to lose their content. It's not instantaneous. And even if they do, it won't entirely protect you. The attack is still relevant.

_MT_

Quote from: Mike Dyer on May 12, 2020, 16:37:22
Sounds more like a Microsoft software issue to me. If it's not a problem for Macs, Microsoft needs to sort themselves out.
How can it be Microsoft's issue when they're attacking hardware and messing with Intel's security feature? And the mitigation requires specific hardware and BIOS support? Indeed Macs are also vulnerable. Especially under Boot Camp, as it seems Apple decided to disable the protection when using Boot Camp. Windows features the necessary support, just like MacOS or Linux. All of them released it last year.
