VideoGuard (sometimes referred to simply as NDS), produced by NDS, is a digital encryption system for use with conditional access television broadcasting. It is used on digital satellite television systems - some of which are operated by News Corporation, which owned about half (49%) of NDS until its sale to Cisco in 2012. Its two most widely used implementations are BSkyB's Sky in the United Kingdom and Ireland and DirecTV in the United States, the former of which launched the digital version of the system in 1998. Several other broadcasters around the world use the VideoGuard system, including Hot (Israel), Yes (Israel), Viasat (Scandinavia), SKY Italia (Italy), Sky Brazil (Brazil), Sky Network Television (New Zealand), Foxtel (Australia), Airtel DigitalTV (India), Tata Sky & Hathway (DVB-C) (India), Astro (Malaysia), D Smart (Turkey), TotalTV (Balkan), ONO (Spain), Canadian Broadcasting Corporation (Canada), China Central Television (China), Serbia BroadBand (Serbia), Telewizja Polska (Poland) and KabelBW (Germany), Vivacom (Bulgaria), Dolce (Romania), STAR TV/Fox International Channels (Asia), Cignal Digital TV (Philippines), Aora TV (Indonesia), Telecom Italia (Italy), OTAU TV (Kazakhstan), OTE TV (Greece).
Since the majority of content provided by companies like BSkyB requires subscription, VideoGuard protects that content by encrypting both standard subscription channels and pay-per-view movies and events. Access flags can be downloaded to the subscriber's card either over the air (via 'hidden' data streams) or by using the box's built in modem, thereby allowing rapid changing of channel packages and ordering of events.
Already in use in America since 1997, the VideoGuard system was introduced to the UK by NDS in 1998 with the launch of Sky Digital, replacing the VideoCrypt system (also supplied by NDS) in use on Sky's analogue broadcasts. To date, despite widespread piracy of the US DirecTV service between 1997 and 2002, the implementation in the UK has remained secure, although various pay per view flaws have been identified in the past. Even these flaws are related merely to the circuitry of the set-top box (STB), rather than the NDS card. It is suspected that the version initially used by Sky was either insecure or close to being broken, as a software update rolled out to all boxes required replacement of the BSkyB subscriber's viewing card. Even so, wholesale card replacements are rare, currently having occurred just twice during the lifetime of Sky Digital - once in 2002/2003, and again in 2009 (replacements carried out between April and June).
While most commonly used to protect pay-TV, VideoGuard is also used by numerous non-subscription broadcasters to enforce geographic rights restrictions. VideoGuard has been used by the BBC, ITV, and Channel 4 to restrict non-UK viewing, although in recent years these broadcasters have moved to broadcasting FTA on the more geographically restricted footprint of the Astra 2D satellite which is mainly, although not entirely, focused on the UK and Ireland. In some cases, encryption is still used on some versions of ITV and Channel 4 services where rights issues or a lack of capacity on the Astra 2D satellite are an issue.
Many broadcasters choose to pair their cards, meaning that a paired (also called "married") card can be used only in a specific broadcaster-supplied STB, or by using the serial number from said receiver with one of the reverse-engineered solutions. In the case of Sky, all cards are married to a particular STB, although almost all non-premium channels will still allow viewing even if the box and card are not paired. Other channels, such as Sky's sports and movie channels, cannot be viewed unless the viewing card is being used in its specifically paired set top box.
VideoGuard is unusual in that legitimate external conditional-access modules are not available, the encryption system instead being built into the hardware and firmware of platform-supplied set-top boxes. However, several groups have managed to reverse-engineer VideoGuard to the point where a legitimate subscriber's card can be utilised in third-party receivers to decrypt those channels which that subscriber is authorised to view. A software CAM emulator exists for the Dreambox & Triple-Dragon Linux-powered satellite receivers, along with the Diablo, Dragon, Giga-Blue and T-Rex conditional-access modules. Some of the reverse-engineered solutions are unable to update the card, meaning the legitimate card needs to be returned to official Sky receiver for a few hours (or overnight) to be refreshed, or programmes will no longer decrypt. An example of a reverse-engineered solution that does support card updates is NDSCam.
Sky 2009 card replacements
As of late March 2009, BSkyB have begun issuing replacement NDS smartcards. These new cards are believed to close off the current software CAM loophole.
- ReadMe.txt from NDSCam ver.0.0.0.7
- NDS official website - technical and business information on VideoGuard