What is Videoguard?

You can’t watch DIRECTV without a subscription. You can’t copy the content off your DIRECTV DVR’s hard drive. Forget about even trying to transfer recordings from one receiver to another. I get it, those are some annoying limitations. But, at their core is the reason that DIRECTV Satellite TV works in the first place. That system is called VideoGuard and it’s so good that after 25 years it still hasn’t been hacked.

Why satellite TV works as a business

In order to understand the good and the bad of VideoGuard, you need to look back at the very early days of satellite TV in the United States. Satellite television as a business owes its life to a very liberal interpretation of broadcasting laws. When broadcasting was first imagined, there were two strict types. All broadcasts meant for consumers were to be 100% free and all receivers had to pull them in. All broadcasts for government use were private, and radios for them weren’t sold to consumers.

That sounded great in the 1930s but today’s reality is a little different. People figured out how to get the broadcasts they weren’t supposed to get, even those satellite broadcasts that different companies used to get their services across the country. By the 1980s there was a brisk business in big satellite dishes that let regular folks get a lot of free TV.

This endangered the profit model of a lot of big companies, and the government went to work. They passed laws that allowed companies to encrypt satellite signals and sell hardware and service to let you decrypt it. The entire home satellite TV industry is based on this principle.

VideoGuard encryption

VideoGuard was developed by a company called NDS. At one time this was a sister company to DIRECTV, when both were majority owned by News Corporation (which also owned Fox at the time.) NDS’s encryption system uses an access card and military-grade encryption to make sure that programming comes in and is stored securely.

DIRECTV has used VideoGuard for most of its existence, and it’s believed that the most current version used was developed in house. Of course that information is kept very secure.

Here’s what we do know

It all starts with the access card. The AT&T folks call it a “conditional access module.” The card has a keycode in it that is unique. It doesn’t belong to any other receiver. It’s not just the number, there’s encrypted information there as well.

Satellite TV is a one-way medium so there is a constant stream of data coming down from the satellite showing what each access card can let you watch. This same information is probably available over the internet but the system has to work even without internet service.

Your receiver looks to this stream. It then compares your access card number and the encrypted key to the package the stream says you have. That information is then used to let you watch the content you want.

All DIRECTV content is encrypted with strong, military-grade encryption. Using your access card number and the information from that satellite stream, on-board chips decrypt the signal in real time.

If you are using a DVR, we believe there is a second layer of encryption. The satellite signal itself is encrypted and the files that are on the DVR also seem to have a level of encryption that includes the access card number as well as the onboard receiver ID. You can’t just take a hard drive out of one DVR and put it in another one. Even if you use the same access card, the receiver IDs are different so you can’t watch anything.

Is this level of encryption really necessary?

I would have to say, yes. Without strong encryption, no content provider would let AT&T show their content. If you could just pull programs off the hard drive, you could make unlimited free copies and no one could charge for anything.

VideoGuard, at least AT&T’s version of it, has never been fully hacked. There have been several generations of access cards, each with fancier and fancier encryption. We also believe that since HD programming came in back in the 2000s, that it may also be more heavily encrypted. No one knows for sure since the whole system is so secure that it’s never been breached.

It is said that in the depths of AT&T’s Engineering labs there are what’s called “Engineering cards.” These are access cards that let you view every program available to you. It’s said there are very few of these, and that it’s practically impossible to get to them. Only one person I’ve spoken to has ever even seen one. Of course they’re very closely guarded — imagine if they got out into the wild.

What if VideoGuard were hacked?

I supposed it would depend on the level of the hack. It’s believed that access cards were hacked in the past and in that case you just issue all new access cards. I have a feeling that even if the entire system were hacked there’s probably some way in the software to rerandomize the keys or something. I am sure there’s a backup plan. With over 75 million receivers in use today, it would be catastrophic if the only option were replacing all of them. I just don’t see that happening.

About the Author

Stuart Sweet
Stuart Sweet is the editor-in-chief of The Solid Signal Blog and a "master plumber" at Signal Group, LLC. He is the author of over 10,000 articles and longform tutorials including many posted here. Reach him by clicking on "Contact the Editor" at the bottom of this page.