In early January 2018, two major computer processor vulnerabilities were exposed. Dubbed Meltdown and Spectre, they left nearly every processor built in the last 20 years without basic security for its kernel memory – the protected core of an operating system.
Due to the way processors handle speculative execution – how modern processors achieve accelerated performance – a potential attacker can exploit the CPU vulnerabilities to gain access to the extremely sensitive data protected in the kernel memory. This includes passwords, cryptographic keys, and video data.
The Meltdown and Spectre vulnerabilities were especially prevalent on Intel processors and were met with a flurry of firmware and BIOS patches by the large-scale server manufacturers. While the patches were necessary to rapidly remove these critical vulnerabilities, processor-intensive tasks like IP video recording will see a potential slowdown in performance. Video recording places additional stress on the archiver, so video servers need special consideration compared with off-the-shelf IT servers.
Performance Testing Results
System testing was performed to find the expected slowdown after implementing the Meltdown and Spectre firmware and BIOS patches.
- Recording 30 cameras at 150 Mb/s
- Recording and viewing 15 cameras at 30 Mb/s
- OS – Windows 10 Pro 64-bit
- Processor – Intel Xeon E5-2620V4
- Memory – 16 GB
The Meltdown firmware patch was seen to have a negligible effect on system performance, increasing CPU load by less than 1%. A more sizeable increase in CPU load was found after testing the BIOS patch for the Spectre vulnerability. Recording devices experienced CPU load increases of up to 25-30%, and when viewing live or playback video, CPU load nearly doubled.
While the highest CPU load observed in testing stayed below 50% utilization, systems with higher throughputs may see CPU usage approach 100%.
BCDVideo’s Response & Recommendation
To fully repair the Meltdown and Spectre vulnerabilities, both the Windows firmware and BIOS patches must be applied. Of these two, the BIOS update has a significantly larger impact on CPU load.
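One way to confirm that both layers are actually in place on a Windows recorder is to classify the output of `Get-SpeculationControlSettings` from Microsoft's SpeculationControl PowerShell module. This is an added example, not BCDVideo's own tooling; the function name `Test-SpecPatchState` is hypothetical and the sample object (a host with the Windows patch but no BIOS update) is constructed.

```powershell
# Added example: report which Meltdown/Spectre patch layer is still missing.
# Input is the object returned by Get-SpeculationControlSettings.
function Test-SpecPatchState {
    param([Parameter(Mandatory, ValueFromPipeline)] $Settings)
    process {
        $gaps = @()
        # Spectre (branch target injection) needs the BIOS/microcode update
        # AND Windows support that makes use of it.
        if (-not $Settings.BTIHardwarePresent) {
            $gaps += 'Spectre: BIOS/microcode update not present'
        }
        if (-not $Settings.BTIWindowsSupportPresent) {
            $gaps += 'Spectre: Windows update not installed'
        } elseif ($Settings.BTIDisabledBySystemPolicy) {
            $gaps += 'Spectre: mitigation disabled by system policy'
        } elseif ($Settings.BTIHardwarePresent -and -not $Settings.BTIWindowsSupportEnabled) {
            $gaps += 'Spectre: mitigation installed but not enabled'
        }
        # Meltdown: kernel VA shadowing is handled by Windows alone and is
        # only needed when the CPU reports itself as affected.
        if ($Settings.KVAShadowRequired) {
            if (-not $Settings.KVAShadowWindowsSupportPresent) {
                $gaps += 'Meltdown: Windows update not installed'
            } elseif (-not $Settings.KVAShadowWindowsSupportEnabled) {
                $gaps += 'Meltdown: kernel VA shadowing not enabled'
            }
        }
        [pscustomobject]@{
            FullyMitigated = ($gaps.Count -eq 0)
            Gaps           = $gaps
        }
    }
}

# Constructed sample: Windows patch applied, BIOS update still outstanding.
$sample = [pscustomobject]@{
    BTIHardwarePresent             = $false
    BTIWindowsSupportPresent       = $true
    BTIWindowsSupportEnabled       = $false
    BTIDisabledBySystemPolicy      = $false
    BTIDisabledByNoHardwareSupport = $true
    KVAShadowRequired              = $true
    KVAShadowWindowsSupportPresent = $true
    KVAShadowWindowsSupportEnabled = $true
}
$sample | Test-SpecPatchState | Format-List

# On a real host with the SpeculationControl module installed:
#   Get-SpeculationControlSettings | Test-SpecPatchState
```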
All BCDVideo servers are based upon Intel processors. To offset potentially adverse performance due to the necessary firmware and BIOS patching, we will be purpose-building with higher performing processor chipsets and, if the situation warrants it, with an additional processor, to maintain the exceptional recording performance security integrators and their customers have come to expect.
As always, we recommend following security best practices to keep your systems secure. As with any sensitive data, video surveillance represents an untapped pool of information. Updating default passwords, limiting access to a small number of users, and monitoring all system activity will help keep your video system secure from most threats.