OpenBSD Disables Intel Hyper-Threading to Prevent Spectre-Class Attacks

Security-oriented BSD operating system OpenBSD has decided to disable support for Intel’s hyper-threading performance-boosting feature, citing security concerns over Spectre-style timing attacks.

Introduced in 2002, Hyper-threading is Intel’s implementation of Simultaneous Multi-Threading (SMT) that allows the operating system to use a virtual core for each physical core present in processors in order to improve performance.

The Hyper-threading feature comes enabled on computers by default for performance boosting, but in a detailed post published Tuesday, OpenBSD maintainer Mark Kettenis said such processor implementations could lead to Spectre-style timing attacks.

“SMT (Simultaneous multithreading) implementations typically share TLBs and L1 caches between threads,” Kettenis wrote. “This can make cache timing attacks a lot easier, and we strongly suspect that this will make several Spectre-class bugs exploitable.”

In cryptography, side-channel timing attack allows attackers to compromise a system by analyzing the time taken to execute cryptographic algorithms. By measuring the precise time taken for each operation, an attacker can inversely calculate the input values to reveal confidential information.

Meltdown and Spectre-class vulnerabilities discovered earlier this year would be excellent examples of timing attacks.

Therefore, to prevent users of the OpenBSD operating system from such previously disclosed, as well as future timing attacks, the OpenBSD project has disabled the hyper-threading feature on Intel processors by default, as part of system hardening.


Mais do que uma solução tecnológica, somos uma decisão estratégica para as organizações.

Nossa missão é redefinir a relação das empresas com a cibersegurança e a experiência dos usuários no processo de autenticação e acesso a ativos tecnológicos.