back to article Sons of IoT: Bikers hack Jeeps in auto theft spree

A Tijuana-based biker gang is accused of hacking hundreds of trucks over two and a half years as part of a multi-million-dollar auto theft ring. The San Diego offices of the US Department of Justice and the FBI said that nine members of the Hooligans Motorcycle Club used stolen dealer credentials and handheld diagnostic …

  1. regregular

    >> The DoJ believes that, armed with the duplicate key, a thief popped the hood of the car to disable most of the alarm system and open the door.

    1. Really? If the alarm system wiring / fuse box is easily accessible through a popped hood that is a serious design flaw.

    2. Why would you even need to bother? If you legitimately open the door by mechanically unlocking the door lock the alarm should not go off. If it did it would be another design flaw and defy logic.

    Are Jeep vehicles really wired that idiotically?

    1. Antron Argaiv Silver badge
      Thumb Up

      Are Jeep vehicles really wired that idiotically?

      Jeep Wranglers, specifically. The hood can be opened by flipping a couple of external latches.

      And yes, they are the product of the combined design ability of Fiat and Chrysler. So nothing would surprise me.

    2. Anonymous Coward
      Anonymous Coward

      "If the alarm system wiring / fuse box is easily accessible through a popped hood that is a serious design flaw."

      Well then, get thee to Detroit post haste, young engineer! There's (bad) work to be undone! Seriously, where do you think the battery is, does that need another door to protect that? What if the alarm system box is in the cabin? What then? Is there a place on a car, or a device that will thwart someone armed with manufacturer knowledge and devices, AND a properly fitted key? All they needed to do was disable the primary alarm, get in, program the new key to the car RFC/key thingy, and away they go! Which also answers your second question; yes they needed to disable the alarm, THEN they needed to pwn the engine electronics security. So, yes, they did need to "bother."

      And so what. What if they just smashed and grabbed the car and hot wired it? Same thing, but not as elegant and effective as this method that a wacky Mexican biker gang (probably high as fuck on PCP, bathsalts, meth, and cat urine!) managed to do for several years without being nabbed. I say they did a fair job and a novel process. And nothing of value was lost! These are just shitty Jeeps, not the real Willy's Jeeps of old, just crappy SUVs barely suitable for a family outing, much less climbing hilly terrain. If you want a good off-road vehicle, get an old Toyota Land Cruiser, or a proper Indian(? or is that just the Jags?) built Range Rover, but not the Sport, or that Evomitch. Those are city SUVs, and strictly for the ladies.

      "Are Jeep vehicles really wired that idiotically?"

      Yes, and that's as good a job as they'll likely do. Take the most advanced car and security; it can be thwarted with knowledge of the system, and that you can get to the vehicle and physically pwn it. Here's a tip; park in a fucking garage. Most idiots just use the garage as another room of the house. It's for parking your car, if you would like it to remain safe throughout the night. Duh. I've yet to see a car that can't be broken into. Do let Detroit know of your special knowledge, I'm sure they will hire you straight away! :P

      1. regregular

        >> Seriously, where do you think the battery is, does that need another door to protect that?

        It can go pretty much anywhere. And the article was not talking about unhooking the battery (which proper brands defend against by powering the alarm circuits with a small emergency power source NOT accessible from engine bay), but unhooking the alarm system. Because with the battery cut off you can't very well use the diagnostic port to register the duplicate key, can you, genius?

        >> What if the alarm system box is in the cabin? What then? Is there a place on a car, or a device that will thwart someone armed with manufacturer knowledge and devices, AND a properly fitted key?

        No, which is exactly my point, yound padawan. With a fitted key all bets are off anyway and it makes no sense that someone (allegedly) had to disarm some alarm system. So either there is shoddy reporting on the side of the DoJ that describe modus operandi wrong or some serious engineering idiocy.

        >> All they needed to do was disable the primary alarm,

        >> yes they needed to disable the alarm, THEN they needed to pwn the engine electronics security.

        No, they SHOULD not need to do that. With a proper key the alarm should not go off. If your keyfob is out of juice or defective, opening the door mechanically with the cut key should not set off an alarm.

        >> And so what. What if they just smashed and grabbed the car and hot wired it? Same thing,

        Not really. That should set off the alarm. Just like tilting / rocking the car (think pulling/lifting onto trailer).

        >> I say they did a fair job and a novel process. And nothing of value was lost!

        I don't disagree, especially with "nothing of value" part. Because if the car is really engineered to bother it's customers with the alarm just because they dare to use a properly cut mechanical key I'd say good riddance. But, in reality, probably not even Mexicans would take possession of such shoddy lunacy, except for disassembling... oh wait, there you go.

        >> Take the most advanced car and security; it can be thwarted with knowledge of the system, and that you can get to the vehicle and physically pwn it.

        Without a doubt. But in this particular case, the not so uncommon case of a dead/defective keyfob would supposedly trigger the alarm even for the legitimate user. I mean, by including the cut key with the keyfob the manufacturer basically allows for this case. He says, well if you drop in a puddle, accidentally fire it from a spud gun or whatever, use the mech key, the transponder will disable the immobilizer even without power, well you're good to go. But if the DoJ is right Jeep thought differently, and I want to know who's the idiot here.

        >> Duh. I've yet to see a car that can't be broken into. Do let Detroit know of your special knowledge, I'm sure they will hire you straight away! :P

        Broken into will always work on a metal can with a huge amount of surface glass. And unfortunately driving away is also easy, even with high end brands. Because those idiots do not use proper protocols. It would be easy enough to thwart the "open the can and use diag interface to register new key then driva away" approach.

      2. Down not across Silver badge

        I say they did a fair job and a novel process. And nothing of value was lost! These are just shitty Jeeps, not the real Willy's Jeeps of old, just crappy SUVs barely suitable for a family outing, much less climbing hilly terrain. If you want a good off-road vehicle, get an old Toyota Land Cruiser, or a proper Indian(? or is that just the Jags?) built Range Rover, but not the Sport, or that Evomitch. Those are city SUVs, and strictly for the ladies.

        Novel? Duplicating keys with dealer doesn't sound particularly novel to me.

        Wrangler is pretty much descedanct of Willys/CJ-7 as it has evolved around the years. Sure they had some models without lockers that never should've been sold. Unless you got crap version without lockers, its fairly capable off-road vehicle. Saying it is no good for hilly terrain is at odds with Wrangler setting Guinnes world record in 2007 while climbing Ojos del Salado. (linky)

        No objection to your opinion on old Land Cruisers or Land Rovers, or RR Sport or Evoque (horrible thing that is).

        As for Range Rover, I'd rather take Jeep Grand Cherokee to go off-road with.

    3. Anonymous Coward
      Anonymous Coward

      Alarms

      >2. Why would you even need to bother? If you legitimately open the door by mechanically unlocking >the door lock the alarm should not go off.

      On most "modern" cars (15 years +) which are designed to be used with a remote key fob for unlocking, the alarm will be activated if you use the mechanical key to unlock the doors. To silence the alarm you then have to insert a registered/paired key into the ignition switch pdq.

      It actually makes sound logical design sense, as a mechanical brute force on the lock, or a forged key will trigger the alarm.

      1. Neil Barnes Silver badge

        Re: Alarms

        Hah.

        I discovered the hard way that the electronic locks on my car can be defeated by a kitchen knife: a cut through the bundle going into the door persuades the controller that the mechanical lock has been properly opened using a key. The controller then politely opens all the deadlocks.

        At a guess, the maker used cheap logic on the controller input: either ground or pull-up (so the cut wire gives a pull-up) instead of using the elementary security input of two resistors and an analogue input that would pull to half rail in the case of an open circuit wire...

        No names, since the flaw is almost certainly common across the entire range of vehicles from this manufacturer, with whom I am still in discussion.

        1. Alan Brown Silver badge

          Re: Alarms

          "No names, since the flaw is almost certainly common across the entire range of vehicles from this manufacturer, with whom I am still in discussion."

          Expect to see a gagging action in 3...2...1...

      2. regregular

        Re: Alarms

        >> On most "modern" cars (15 years +) which are designed to be used with a remote key fob for unlocking, the alarm will be activated if you use the mechanical key to unlock the doors. To silence the alarm you then have to insert a registered/paired key into the ignition switch pdq.

        Define "most", plesae. Most "modern american" cars? Because this does not hold true for ANY of the modern cars I have owned / driven in the past and had the need/curiosity of opening mechanically. That includes a 2006 Alfa Romeo, a 2003 VW, a 2012 BMW, a circa 2010 Audi A6. There is a trigger switch in the door lock assembly that will immediately trigger the alarm if you try to turn the lock brute force or if you try to pull the core out. But using a properly cut key to turn the lock without force has not set off the alarm on any vehicle I have ever seen (here in Europe). It in fact not only doesn't trigger the alarm (because door is opened) but it disables the "movement detection" sensor in the interior on all examples.

        >> It actually makes sound logical design sense, as a mechanical brute force on the lock, or a forged key will trigger the alarm.

        You are talking about two different things. Brute force (screwdriver) will sound alarm. A forged key is indistinguishable from a real one as far as the mechanical doorlock assembly is concerned. If the cut is right it fits.

        The opposite is correct, if you have the legitimate key, but the keyfob lock/unlock is broken it would essentially mean the car cannot be used if it was indeed wired / setup like this. You could open the door with the mech key but the alarm would be blaring for no good reason at all.

        You have to allow for complete failure of the keyfob electronics (dead battery, broken electronics) or you will have pissed customers swearing on $DEITY that they will never again buy a car from $BRAND. That is why the mechanical key is still part of the fobs. And the transponder for immobilizer is separate from the keyfob electronics and will allow starting of the vehicle so customer can haul himself home and replace battery or buy an overpriced replacement fob from dealership (and on being quoted the price he will then swear to $DEITY to never again...)

        1. Hairy Scary

          Re: Alarms

          I have had the alarm go off on my car because I locked it with the fob but when I returned to it the fob wouldn't work (the battery had died), unlocking with the key caused the alarm to go off. The way to silence it was to put the key in the ignition, turn on and wait till alarm stopped -- then you could start and drive normally.

          If you lock the car with the key then you can unlock with the key and the alarm won't go off, it only happens if you lock with the fob then unlock with the key. According to the handbook this is to prevent theft using a duplicate key (because the duplicate key's fob would not have the correct code unlock the door and unlocking with the key itself will result in the alarm sounding). Mind you if the would-be thief knew enough he would simply put his duplicate key in the ignition and wait till the alarm stopped then drive off.

          The car? an 8 year old Kia (don't laugh -- it's fine as a daily runner) so it's unlikely to be stolen anyway :-).

          1. Anonymous Coward
            Anonymous Coward

            Re: Alarms

            Had 2003 VW Beetle (the irony on it - it was made in Mexico).

            20 seconds after the door is unlocked and opened mechanically with the key the alarm fires up.

            But if in the meantime I managed to crank the engine (factory immobiliser with fob inside the key) the alarm is disarmed.

            Simples

            Haven't tried on newer (and electronically superior) reasonably high-spec (for a van) 2014 VW Transporter but doubt it will be different than the Beetle.

            Thinking about it it might be worth checking if I am compelled by law to have the VIN visible at all times.

            If not I am going to obscure it right away, just because I am paranoid.

            1. Chris 125

              Re: Alarms

              This is also true of all Ford's I've come across between 1997 and 2009 - use the key and the alarm will go off, because who uses a key these days?

              Incidentally, there's no law (in the UK at least) about having a visible VIN number. There are plenty of websites that will translate a registration plate into a VIN though - no logins needed, publicly accessible.

              Anyway, my big problem here is the headline. They didn't hack anything - they used a stolen password (not hacking) to make a key through the correct channels (not hacking) and unlock a car (and if that's hacking, lock everyone up). Theft yes, but at most you could collar them for unauthorised use of a computer system.

              1. Anonymous Coward
                Anonymous Coward

                Re: Alarms

                I lost my key to a late nineties Peugeot car. The official dealer required the VIN and proof of ownership, and then payment for a call to Peugeot to receive two codes - one described the physical shape of the key, the other for the passive transponder in the key. Then an independent key man came out to stranded vehicle. He used the first code instruct a small mill to cut a blank key. Then, inside the cabin, he connected a tablet to the car's port, placed the blank key in the ignition, and instructed the car itself to program the key with the correct code. (I had assumed he would have a discrete device for writing to the key's transponder, but I live and learn).

                Actually, he spent about an hour scratching his head trying to talk to the car as a Peugeot 306 and getting nowhere... til on a whim he tried talking to it as a Peugeot Partner van, and it worked. "Never use version 1 of anything!" He said, referring g to the tablet and its software he was using as being new, and not as reliable as the older but slower solution. A week later he rang me up to say the company who supplied his tablet and its software might want to see my car to chase down the bug, if that was alright with me. This was around 2006, and the tablet wasn't running a windowed GUI.

                It's common for some independent automotive technicians to get a discount on diagnostic tools if they give solid feedback - they're beta testers, effectively.

          2. Jonathon Desmond

            Re: Alarms

            But the mechanical duplicate key won't have a transponder code recognised by the cars immobiliser, so the alarm will continue to sound and the car won't start, even though the key will mechanically unlock the steering.

            That's why these guys had to pfaff around with the reprogramming I guess. A mechanical duplicate isn't enough to steal any remotely modern car.

          3. Paul Woodhouse

            Re: Alarms

            aye, my 2003 3 series is the same...

          4. Alan Brown Silver badge

            Re: Alarms

            "If you lock the car with the key then you can unlock with the key and the alarm won't go off,"

            That's because the alarm wasn't set in the first place. It's only activated if you use the fob. Don't tell your insurer you're in the habit of doing that or they'll cancel your policy.

      3. J. Cook Silver badge

        Re: Alarms

        Nope: you *have* to use the keyless entry to shut the thing up. and that was on a 2001 GM product, which we can all blame for having to pay $70+ for chip embedded keys in order to start our luxobarges.

        1. Wade Burchette

          Re: Alarms

          It is those accursed GM vehicles whose alarms goes off, even if you use the key that came with it! I hate my dad's Chevy truck, partly because every other month I hear "can you pick me up at the Chevy dealership? My truck has a recall." And it drives like it has an anchor behind it. And then you must always use the key fob to unlock the door or else the alarm goes off.

          I don't like using the key for one big reason: The best way to make sure you can unlock your door from the outside is to lock your door from the outside. With my key, I can physically see the doors lock. And it always works (except with that accursed GM vehicle) even when the battery is dead, both the key fob and car battery.

      4. Florida1920

        Re: Alarms

        On most "modern" cars (15 years +) which are designed to be used with a remote key fob for unlocking, the alarm will be activated if you use the mechanical key to unlock the doors.

        I have a 2001 Mercury that I've owned since new. Until today I never tried to open the doors with the mechanical key. It has an alarm system. After reading your comment I went out and opened the door with the key. The alarm did not sound.

    4. Alan Brown Silver badge

      "If you legitimately open the door by mechanically unlocking the door lock the alarm should not go off. "

      It does on most european cars. Disabling the alarm is done with the remote and if you have to go in with a key the only way to silence the alarm is to put a valid (paired) key into the ignition.

  2. Antron Argaiv Silver badge
    WTF?

    Five years?

    For organized crime? I shouldn't be surprised, I suppose. But stealing vehicles on a continuing basis, for export sale, does seem like it might warrant a somewhat stiffer sentence, seeing as how it's more of a career criminal thing, rather than a kids out joyriding one.

    1. Marketing Hack Silver badge
      Headmaster

      Re: Five years?

      To be fair, there are probably multiple counts of these crimes, so if the judge goes for consecutive sentencing, you are up the river for a very long time.

  3. EveryTime Silver badge

    Not IoT related, just bad security

    Sophisticated car security has been around for over two decades and Jeep still has it wrong?

    The European Insurance Commission issued guidelines in the early 1990s requiring more sophisticated protection. BMW, for example, introduced their system in 1993. The dealers don't have access to the key cut codes or the security programming information. They have to request that a key be made by the regional distribution center.

    Of course the dealers love this system. It's used to charge outrageous amounts, over $300 from some dealers, for replacement keys. And even more for a 'new' security module if all 10 key slots are used. But it does prevent this kind of security breech, which is completely predictable if you let every dealer (and thus an unknowable number of un-vetted people) have access to the keying information.

    Clever people have reversed engineered the BMW system so that you can cut and program your own keys. But you still have to remove the inconveniently mounted security module and connect directly to the microcontroller pins to extract or reprogram the security keys. While it's not what BMW intended, the result is a good compromise between security and owner repair capability.

    1. Eddy Ito Silver badge
      Meh

      Re: Not IoT related, just bad security

      So the Hooligans would need to steal the credentials from the regional BMW distribution center instead of the dealer. Somehow that doesn't sound like it would be that much more difficult.

      1. EveryTime Silver badge

        Re: Not IoT related, just bad security

        The 'regional' BMW distribution center for the U.S. is a big facility in New Jersey that's not open to the public. I'm pretty sure that it is vastly more difficult to "steal the credentials" from there than get a low-level job at any local dealership and use the parts counter terminal during the lunch break.

        Even with a system that allowed distributed access to the key database, Jeep should have had a system in place to log and analyze access to the database.

    2. regregular

      Re: Not IoT related, just bad security

      This is not 100% correct. I think your procedure applies only if all keys known to the vehicle computer are lost.

      If you just lose one, you can order a replacement, it will arrive mechanically precut at dealership, and then the local dealer can use his diagnostic device to program the new keyfob into the vehicle. Procedure simplified:

      1. Diagnostic device communicates to BMW central servers to get auth/leave audit trail

      2. At least one keyfob known to vehicle has to be present for "authentication"

      3. New keyfob is registered

      4. Lost or broken keyfob is removed from pool

      Unfortunately, BMW fucked it up majorly, and you can steal even the recent ones by using a handheld aftermarket piece of kit and generic transponder. Somewhere in the procedure is a way to bypass the "known keyfob present" requirement. IIRC from the tech analysis it had to do with shitty crypto implementation. It is possible to just a third key into the pool, bypassing the theoretically quite clever system.

      There's youtube videos that show pros pulling that off, evidently on some models the interior motion sensors are too narrow, and you can smash a window, wiggle you arm to the diagnostic port without triggering the alarm, connect the handheld device, scramble the new key into the pool. Then you click the fob and off you go.

      1. Alan Brown Silver badge

        Re: Not IoT related, just bad security

        "you can smash a window, wiggle you arm to the diagnostic port without triggering the alarm"

        Which is why a decent alarm includes a glass break sensor as well as movement ones.

  4. frank ly

    Nothing to hide

    "... a member obtained the truck's vehicle identification number (VIN), which is usually printed on the dashboard."

    It's the same in England, with the VIN number; visible for all to see. I assume this is so a police officer can walk by and easily run some kind of check on the vehicle?

    1. regregular

      Re: Nothing to hide

      Yep. Back when Europe had borders and expensive cars used to vanish towards the east of Europe it was supposed to be an easy way to verify whether VIN was registered as stolen.

    2. SImon Hobson Silver badge

      Re: Nothing to hide

      Yes, it does seem like a flippin stupid idea doesn't it - leave the vehicle identity on full display for anyone to get with zero effort. Then add in basic mistakes by manufacturers using the VIN as the key to creating an online account to remotely control the vehicles ...

      1. Eddy Ito Silver badge

        Re: Nothing to hide

        Oddly a clever crim can change a VIN with one salvaged from the scrappers. At least they won't go around chopping off fingers to steal the cars. Well, not yet for Jeeps anyway.

      2. Gene Cash Silver badge

        Re: Nothing to hide

        No stupider than people using Social Security Numbers (which were never meant to be either private or a means of ID) as database keys.

      3. mark 177

        Re: Nothing to hide

        I think the addition of a second, highly-visible VIN in a hard-to-get-to place behind the windscreen (in addition to the one on the car ID plate) was to make it harder for thieves to swap the VIN for a fake one.

        1. Alan Brown Silver badge

          Re: Nothing to hide

          "hard-to-get-to place behind the windscreen (in addition to the one on the car ID plate) "

          1: It's not hard to get at if you remove the windscreen and even without breaking the screen there's somewhat of a dark industry in making fake vin plates that can be slipped into position without looking out of place. I'm a bit surprised that most makers haven't put some kind of tamper shield around the location.

          2: The VIN is stamped on a half dozen other (usually undocumented) places on every european/japanese/american vehicle made in the last 30 years (it was one of those hidden VINs which identified the truck that Timothy McVeigh used). This is how "cloned cars" are usually confirmed, as crims are only going to change the 2 obvious locations and expect that the mark won't check the others.

  5. Anonymous Coward
    Anonymous Coward

    IoT - Internet of Threats and now...

    Internet-of-Thefts....

  6. FozzyBear Silver badge
    Happy

    Umm. It's removing those gas guzzling accident prone lemons off the roads a community service, not theft. It least that would be my defence.

  7. mark 177
    WTF?

    Are Jeeps that expensive?

    "This scheme is believed to have netted members of the Hooligans gang around $4.5m in profits from more than 150 vehicles."

    That's $30,000 per vehicle! For dodgy second-hand parts sold under the counter?

    Pull the other one.

    1. Brian Miller

      Re: Are Jeeps that expensive?

      Yes, they are that expensive. The used parts trade is huge, which is why a lot of automobiles are parted out after being stolen. A Jeep can be disassembled quite easily. Plus the parts may be sold as "new" if it's from the current model. And many of these pavement-only Jeeps are in, in fact, like new condition.

      1. mark 177

        Re: Are Jeeps that expensive?

        We,, the article says that the Jeeps in question are Wranglers - I think this is one of the less expensive models. According to the Web, the highest list price (no discounts) for a Wrangler model is $ 37k. The lowest is $24 K (again, without any discount).

        If you can take a $ 37k vehicle apart and sell its stolen, used parts on the black market for a profit of $ 30k, then either you are a Trump-like sales genius, or the buyers are 100% mugs.

        1. Vic

          Re: Are Jeeps that expensive?

          If you can take a $ 37k vehicle apart and sell its stolen, used parts on the black market for a profit of $ 30k, then either you are a Trump-like sales genius, or the buyers are 100% mugs.

          It's quite normal for a vehicle to be worth more as parts than as a whole; this is why scrapyards exist...

          Vic.

          1. Dave 126 Silver badge

            Re: Are Jeeps that expensive?

            If you tried to build a car from its parts catalogue, it would cost you several times the cost of the new vehicle from the dealer. So, dont use the sticker price of a Jeep to estimate the resale value of its parts.

            The price charged by manufacturers for replacement parts actually subsidies the price of the new car, because the price of a new bumper or headlight is often paid for by an insurer and thus not considered by a prospective car buyer on the forecourt. One you've bought a car, you're tied to one supplier of parts, much like printers and ink cartridges (okay, okay, I know that by law in the UK car manufacturers can't discriminate against owners who have 3rd party parts fitted by independent garages, but whilst several people make replacement coil springs or starter motors for my car, it is likely that only the original car manufacturer makes suitable headlights or bumpers, due to tooling costs)

          2. Yet Another Anonymous coward Silver badge

            Re: Are Jeeps that expensive?

            >It's quite normal for a vehicle to be worth more as parts than as a whole;

            Jeep Wranglers also have a more than typically robust market for spare parts.

            Although supposedly some of the newer models are able to drive off the dealer lot under their own steam rather than be towed directly to the service dept

          3. jmarked

            Re: Are Jeeps that expensive?

            Definitely expensive as parts, especially for older ones in great conditions. When we are looking for replacement steel truck wheels for the truck project, we saw a set of CJ7 stock wheels on the scrapyard and the owner trying to sell them for $900.

      2. Chris 125

        Re: Are Jeeps that expensive?

        So you spend the time cleaning the parts up - probably using some sort of ultrasonic cleaner, as even a few weeks on the road will build up grime in crevices, or oil residue on the internal parts.

        You then need to get the original style box to put it in. Who on earth buys "new" parts that are dirty and not in a box? I'm struggling to see $30k profit after all that time. Perhaps you could sell them to a shady garage who will just tell the customer they were new parts - the garage will probably give you 25% of the true value though, since they know they're not actually new.

        Also, all the panels are painted - not new.

        1. Outer mongolian custard monster from outer space (honest)

          Re: Are Jeeps that expensive?

          Eh? ultrasonic cleaner?

          More like steam clean it off with a diesel pressure washer. If theyre feeling particulary sensitive they might use detergent too, then feed them back into the supply chain as used but guaranteed, or even "recon" if theyre good enough to pass muster as such. Maybe some oppo will be dispatched with a aerosol to make them shiny looking again once the grime is steamed off. Steam cleaners are quite good at removing stuff, I once accidentally removed the paint off a week done painted car door using one.

          Who on earth buys used axles and parts? people that don't want to pay 3k upwards for a replacement.

          https://www.summitracing.com/int/search/part-type/axle-assemblies/make/jeep/model/wrangler

          So break that down a bit, axles 1-2k apiece, driveshafts, transmission + transfer box a few k too, steering system, complete engine, ems with keys programmed to it, interior sets, roll bar, springs, panels, radiators etc. The 30k figure is quite plausible.

    2. Alan Brown Silver badge

      Re: Are Jeeps that expensive?

      "That's $30,000 per vehicle! For dodgy second-hand parts sold under the counter?"

      Yup. The secondhard parts value of most cars is higher than the intact sale price.

      For high end models the darknet secondhand price is frequently higher than the NEW price of a vehicle and there's somewhat of a market for factory runouts to go straight to breakers for various models.

  8. Big_Boomer Bronze badge

    Doofuses!!!

    What part of MORE THAN 150 vehicles do you have difficulty understanding? Doofuses!!

    As for spares prices, if you built the car using parts bought at HALF of manufacturers spares prices, then it would cost you well over $100,000. No wonder the Tories are leading in the polls when people don't even seem to understand basic economics and mathematics.

  9. MoabMan

    The Jeep Wrangler probably has the highest proportion of after-market modifications of any car marque globally. In almost every country where the vehicle is sold new or used you will find modified examples.

    If a 'JK' Wrangler is running on 37" tyres then any crook will spot it instantly as being special. If the vehicle has been built for rock crawling or expedition use you can assume $2K went on tyres. If it had stronger replacement axles these will be instantly recognizable without having to get under the vehicle. $6K+ per axle is a reasonable starting value. My guess is that the crooks were targeting 'Rubicon' models and any modified Wranglers as the parts will be far more valuable than the base models.

    In the UK, the current Jeep Wrangler has to have a factory fitted bonnet lock due to UK insurance 'Thatcham' policies. In most other markets the bonnet/hood does not have a lock and can be opened easily from outside the vehicle. This is an artefact from the WW2 Jeep that is extremely practical when the vehicle is used off road but Jeep really could have put some design time into securing the hood for dual purpose street/off road use. Having to open the hood with a key when you are knee deep in mud or water, or in freezing conditions when the lock has frozen isn't practical.

  10. Nick Pettefar

    Not sure that the method of transport used by the criminals is relevant here. I am a biker and am not involved in this crime. Criminal gang would be more apposite. Is this transportism? Vehiclism? after they've stolen the jeeps, won't they be a jeep gang?

  11. Yet Another Anonymous coward Silver badge

    Landrover also vulnerable

    Thiefs have been fitting extra cogs from an after-market analytical engine to bypass the original Babbage parts in the onboard computer

    1. Captain Badmouth
      Thumb Up

      Re: Landrover also vulnerable

      Upvote for snide attack on Landrover.

  12. JaitcH
    Happy

    Electronic Keys Unsafe? Guess What, so are Mechanical Keys!

    A device called the Electronic Key Impressioner (EKI) comes with common vehicle keyway inserts, a USB cable, and lock mapping software. It uses magnetic fields to measure the characteristics of each individual pin tumbler.

    At first they were strictly controlled but these days they can be bought all over with no restraints.

    I drive a motorcycle in the city and the police, and car park attendants, are very adept at snatching keys from the locks which permit key withdrawal from lock+park and locked positions. I had the lock modified so that they key removal is limited to lock+park which also requires the handlebars be turned to the left.

    You can't beat a Master Battery Switch!

    1. Outer mongolian custard monster from outer space (honest)

      Re: Electronic Keys Unsafe? Guess What, so are Mechanical Keys!

      I've got a rfid token sewn into my glove, and a latching relay setup. I can turn it off and on by waving my hand over the rear tail unit. Confuses the hell out of people and under $30 to do, though I do have to watch my gloves a bit more. I've seriously considered one of those pet style rfid chip implants to eliminate the gloves, but there's a few cancer scares with longer term implantation so I'm holding off for now.

      Its in the tail unit so I don't accidentally turn the ign off during a moment mid corner. If I'm falling off the back I don't mind so much if it disables the ign.

      1. Alan Brown Silver badge

        Re: Electronic Keys Unsafe? Guess What, so are Mechanical Keys!

        "I've got a rfid token sewn into my glove, and a latching relay setup."

        In the old days (before immobilisers) people would have hidden switches controlling the ignition or fuel pumps. These worked relatively well until thieves started working out that they existed and looking for them (there are only so many places you can put a hidden switch and still have it reachable from the driver's seat.)

        My modification on this theme was a monostable timer driving a relay which shunted the ignition controller (aftermarket TAI fitted) on a 15 seconds on 30 seconds off cycle. The only time someone managed to steal the car (using a key they'd stolen from inside the house), we found it a few dozen yards down the road. It seems thieves don't like "unreliable" cars.

  13. Peter Stone

    Let's talk car alarms.

    First off, disclosure. Between mid 1986 & mid 1989 I worked as an electronic design & development engineer for EDA Sparkrite in Walsall. Who, for those who don't know, made car alarms for the afterfit market.

    The first thing I want to say isn't of earth shattering importance, but cars & their components are made to provide the maximum profit for the minimum cost. Just because the car costs x thousand

    pounds to buy, it shouldn't be assumed that the car alarm that's fitted would cost a comparable amount or contains sophisticated electronics. Usually it's dirt cheap electronics & can be

    purchased under it's trade name cheaper. I have personal knowledge of this.

    At the start of the comments it was said that if you can remove the hood, & access the battery & fuse box then a mistake has been made. With the afterfit market, there were usually plunger switches provided, (like those used to turn on the interior light when the door is opened), to protect both the boot & the bonnet. So if these have been omitted, it's most lilely for cost.

    Saying that, it's not hard to disable a car alarm. The first way is to take a core of either 2.5mm or 4mm twin & earth cable, & attach a croc clip to either end. Attach one end to the connection to the horn, the other to the body work, & then trigger the car alarm, & if the manufacturers have skimped on the number of fuses, pow, the fuse blows & with a 'bit of luck' disables the car alarm. the second way is similar to the first but involves smashing the headlight & earthing the headlight bulb's filiment with similar results. The handbrake is on? Then a pair of strong wire/bolt cutters applied to the handbrake cable solves that problem.

    Of course, if the aim is ti merely steal from cars, then a classic attack method is to constantly trigger he car alarm at night, then with some 'luck'. the cars owner will disable the alarm & then the car can be broke into at leasure. A 'personal' story is one that happened to my ex-brother in law & his friend. They decided to go rallying, & to this end took a ford escort & made it into a rally car. This was easy for them to do as both were mechanics & the friend had his own garage. They built the car & used it, when one morning six months later, the car was found to be missing from the friend's drive. Dispite having a Sparkrite alarm fitted. Asking around the nieghbours if anyone had seen anything, one guy admitted seeing the car being pushed onto a low-loader at three in the morning, his excuse for not phoning the police, was that he thought it was being taken away for some work to be done on it!

    There is one last method of breaking into cars, simply if a spare fob is ordered, then get an accomplice in the garage to order two instead of one.

    This leads to the last problem with car alarms, human apathy. I mean how many people have heard a car alarm going off & paid no attention to it?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019