Range Rover.

[Simon]

I thought L322s weren't so affected by insurance premium hikes but this picture is from a cash machine ram raid in Cheltenham - this morning I think.

His just trying to get some more money to pay for his insurance premium.

[GG.]

#solidarity

[mikeyb]

I thought L322s weren't so affected by insurance premium hikes but this picture is from a cash machine ram raid in Cheltenham - this morning I think.

To think they chose one without privacy glass

The late model ones are also keyless entry so in theory would have the same issues as L405. I can't easily tell the age from that pic.

I did run the numbers for insurance on those and they are better but still only in line with other premium 4x4s so I was looking at 3k which is hardly a huge saving given the age / value of car. Plus, given ULEZ L322 diesel V8s are off the cards so I was looking at supercharged petrols (the 5.0) and they're now pretty desirable in good condition and were mainly >20k!

I don’t think any (certainly UK) L322s came with keyless entry. The later ones have keyless start.
General prices of late, tidy L322s are strong, particularly the 5.0 supercharged as you’ve mentioned. It’s a shame the 4.4tdv8 isn’t ULEZ complaint in L322 form, it’s a fantastic engine.

[GG.]

Ah OK - I'm sure you're right. Keyless start is half the problem though as the body control module can be fooled into thinking that a key is in the car by the crims plugging something into the OBD II.

You still need to get in but jammers to stop you locking it or even just a broken window would allow them access. Apparently mine is not susceptable to relay theft anyway because of the ultra wideband tech in the key (and it was cheaper ironically when I changed the car after the first one was stolen) but clearly that's not enough for the insurers by itself.

The recall to change the body control module could be a game changer though as it in theory brings mine in line with current spec, of which under 1% have been stolen.

Agree re the TDV8 - I believe it is basically the same in all material respects as the SDV8 in my car other than the DPF/Adblue tech.

[Mito Man]

I'd like to know how the 1% of new cars are being stolen. If it's by burgling the keys then fair enough but if someone has developed a new bit of software and it's only just going out into the criminal world then...

[GG.]

Yes that's true - its early days but if the new ones have been cracked as well then it will be an all new world of pain for them as all models to date will be uninsurable. Given these thefts have been going on for years prior to the release of the latest model you'd damn well hope they properly got on top of it and the 1% figure is stolen with keys, etc.

I expect this is exactly why the insurance for them doesn't reflect the current theft numbers, though - the insurers are waiting to see how this pans out... On the challenge the road vids his insurer said premiums would be expected to improve in 12-24 months...

JLR sure have a shit load of cars to retrofit though and not clear if pre-2018 can even be updated in this way. Apparently if you lose a key once the update is done it will be £1300 to replace and I was told to bring all keys with me when they do the fix. That suggests to me they are hard coding the keys to the body control module and possible that if you lose one a new BCM is then required...

[mikeyb]

Ah OK - I'm sure you're right. Keyless start is half the problem though as the body control module can be fooled into thinking that a key is in the car by the crims plugging something into the OBD II.

You still need to get in but jammers to stop you locking it or even just a broken window would allow them access. Apparently mine is not susceptable to relay theft anyway because of the ultra wideband tech in the key (and it was cheaper ironically when I changed the car after the first one was stolen) but clearly that's not enough for the insurers by itself.

The recall to change the body control module could be a game changer though as it in theory brings mine in line with current spec, of which under 1% have been stolen.

Agree re the TDV8 - I believe it is basically the same in all material respects as the SDV8 in my car other than the DPF/Adblue tech.

What year is your L405 GG?

An SDV8 405 would be a natural replacement for mine and the improved security enhancements are helping to persuade me!

[NGRhodes]

I'd like to know how the 1% of new cars are being stolen. If it's by burgling the keys then fair enough but if someone has developed a new bit of software and it's only just going out into the criminal world then...

I think it's using relay/replay devices. The remote signal is picked up by a box which can immediately predict the next key code and transmit that signal to unlock/start the RR. This general approach probably works on a range of cars with keyless entry/start, but it takes a lot of know how to work out the pattern to predict the next code. With RR the value and desirability (I presume parts abroad), it has been worth developing the tools to do this.

[Jobbo]

I think it's using relay/replay devices. The remote signal is picked up by a box which can immediately predict the next key code and transmit that signal to unlock/start the RR. This general approach probably works on a range of cars with keyless entry/start, but it takes a lot of know how to work out the pattern to predict the next code. With RR the value and desirability (I presume parts abroad), it has been worth developing the tools to do this.

That was supposed to have been fixed with rolling code remotes, but if the crims know the algorithm for the next code it's just as insecure.

[NGRhodes]

Thinking about it a bit more, I wonder if they are simply doing signal amplification to make it appear to the car, that the key in the house was a lot closer. I thought this specific weakness had been fixed though, maybe thats what the current update is for, there are plenty of tricks you can do around timings, intermittent transmissions, return signals, making keys goto sleep etc to make repeating far less reliable.

[GG.]

Ah OK - I'm sure you're right. Keyless start is half the problem though as the body control module can be fooled into thinking that a key is in the car by the crims plugging something into the OBD II.

You still need to get in but jammers to stop you locking it or even just a broken window would allow them access. Apparently mine is not susceptable to relay theft anyway because of the ultra wideband tech in the key (and it was cheaper ironically when I changed the car after the first one was stolen) but clearly that's not enough for the insurers by itself.

The recall to change the body control module could be a game changer though as it in theory brings mine in line with current spec, of which under 1% have been stolen.

Agree re the TDV8 - I believe it is basically the same in all material respects as the SDV8 in my car other than the DPF/Adblue tech.

What year is your L405 GG?

An SDV8 405 would be a natural replacement for mine and the improved security enhancements are helping to persuade me!

Mines a '68 plate MY19 (i.e. facelift) SDV8 Vogue SE. They're great things and there really isn't anything that is a natural replacement without a significant compromise in one or more areas (assuming you're not focused on the "S" in SUV). I would steer clear of the pre-facelifts with the old style key however as they are still subject to relay theft and the latest recalls don't replace the key for a later one.

[GG.]

Thinking about it a bit more, I wonder if they are simply doing signal amplification to make it appear to the car, that the key in the house was a lot closer. I thought this specific weakness had been fixed though, maybe thats what the current update is for, there are plenty of tricks you can do around timings, intermittent transmissions, return signals, making keys goto sleep etc to make repeating far less reliable.

That was what they were doing for the pre-2019 model years but the Ultra Wideband key in the newer models put a stop to that as it has a precise time stamp in the signal being given off by the key - even a few miliseconds delay caused by it being relayed by an intermediate amplifying device is enough for the car to realise it is being gamed and not open.

The problem for MY19 onwards is that if the signal to lock the car is jammed or the criminals force entry, they can plug a laptop into the OBD II reader to either place the car in service mode (which a tech would do if the keys were lost) or code a further key, which then allows the car to start right up and be driven off.

These latest updates look to be to the body control module which links to the OBD II and, I expect, hard codes the existing keys and prevents any further from being coded without (again, I'm inferring from what I've read) replacing the BCM, or at the very least needing a master code that is centrally held before further keys can be coded.

The UWB key tech is not retrofittable to the pre 19MY (at least not economically), so this is the only thing that will really clamp down on the thefts of 2012-19 pre-facelift cars. That said they've only just announced that they'll be doing 2016-19 which is another half a million cars (!) so it is going to be a long long time before they get back to 2012, indeed if they bother at all...

[Mito Man]

So the new update which prevents new keys being coded will also work on the method in which they cut a slot out of the tailgate and directly tap into the wiring harness? Although I’m not actually sure how that worked.

[NGRhodes]

Thanks GG - The ultrawideband tech is what I was thinking of. An interesting side effect is that it's very poor at penetrating walls, so much harder to grab the signal from a key inside a house.

[GG.]

Yep - think that's an inherent feature of shorter wavelengths (same for why 5G setting on routers doesn't go as far at the 2G signal).

I was surprised that the JLR bod Challenge The Road interviewed even went so far as to say that you don't need faraday boxes/pouches for the UWB keys...

[GG.]

So the new update which prevents new keys being coded will also work on the method in which they cut a slot out of the tailgate and directly tap into the wiring harness? Although I’m not actually sure how that worked.

I think it was just another way of getting at the OBD II port so if that cannot then be used to produce ghost keys then it would not longer be effective.

Presumably that method was always a more niche approach anyway given it involves sawing into the back of the car and the thief stood there in the open for presumably several minutes splicing wiring. Maybe on a quiet private drive when you're not home but a significant change of getting caught pretty quickly doing that outside the front of a row of terraced houses.

[Swervin_Mervin]

I wonder if they've ever thought about maybe using something like, I don't know, an actual key. The lengths they're going to to make the tech work for the convenience factor whilst keeping the crims out has me wondering if that convenience is really worth the ££hassle.

[GG.]

I think that horse has bolted. Tech fixes must be a lot lot cheaper than manufacturing the bits to retrofit a million cars with physical keys. Given the choice of going down the keyless start from scratch though I agree they'd presumably think twice.

I guess they could have abandoned it for the latest cars but that would have been a clear admission of defeat. Plus we're really talking about the UK market that is having this problem - presumably elsewhere it is not as acute.

[Swervin_Mervin]

'twas a glib remark about the industry in general to be honest. By the time they sort it, if the cars are still as sought after, they'll just break in and look for the keys. As they would have done if they'd stuck with keys all along.

I don't like keyless though. It was great on my 197 but I don't think anyone's ever done as good a job as Renault did with it, with a proper slim fob. And BMW should have stuck with the fobs that charge in the dash - I'm still on the same batteries in my fobs as 11yrs ago but we're on the 3rd round of batteries in the Skoda's fobs. Progress eh?

[Simon]

My Mercs implementation of keyless is interesting. Firstly, you can disable it with a double press of the lock button on the remote, which I always do unless I'm going into the supermarket and know I'll come out with my hands full and want to 'kick' under the rear bumper to open the boot.

The other thing is that the start button is just a 'button' that slots into the regular ignition slot. Indeed, when I bought the car it was even missing, so I just used the regular key to start it. I bought the button online for about £20 and it just slots in - no coding or anything.

This is it: