How Modern Car Theft Actually Works — And Why It’s No Longer About Breaking In

The image most people still associate with car theft is outdated.

It involves force. A broken window. A forced ignition. A visible act.

Modern car theft rarely looks like that.

At the top end of the market — and increasingly across all vehicles — theft has become a technical, process-driven exercise. Cars are not “broken into” in the traditional sense.

They are accessed, authorised and removed, often without leaving any obvious sign that anything has gone wrong.

That shift is not theoretical. It is reflected in the data. Insurers and security bodies in the UK have repeatedly highlighted how theft methods have evolved, with organisations such as Thatcham Research and the Metropolitan Police identifying keyless theft and electronic intrusion as the dominant techniques.

What sits behind that headline is more revealing.

Because modern theft is not one method.

It is a combination of access, knowledge and timing.

The Keyless Relay — Theft Without Contact

The most widely understood method is the keyless relay attack.

It is also the most misunderstood.

In simple terms, thieves amplify the signal from a vehicle key inside a property — often from a hallway or kitchen — and transmitit to the car outside. The vehicle believes the key is present, unlocks, and allows the engine to start.

No physical key is required. No damage is caused.

The entire process can take less than a minute.

What matters here is not the technology itself, but the exposure. The car is not being hacked in isolation. It is being accessed because the system around it allows that access to exist.

CAN Bus Injection — Access Through the Car Itself

More recently, a more direct method has emerged.

CAN bus attacks involve accessing the vehicle’s internal communication network — often through external panels such as wheel arches or lighting assemblies — and

sending commands directly to unlock the car.

This bypasses the key entirely.

Thatcham Research has highlighted this as a growing concern, particularly for high-value vehicles, because it removes the need to interact with the owner at all. The car itself becomes the entry point.

What makes this method significant is its precision.

It requires knowledge of the vehicle’s architecture. It is not opportunistic.

Key Cloning and Dealer-Level Exposure

At a different level, theft becomes even more controlled.

Keys can be cloned during servicing, inspection or sale processes. Vehicles can be identified, tracked and removed later using legitimate access.

This is the method that underpinned several high-profile dealership thefts in the United States, where vehicles were effectively selected in advance and then taken cleanly at a later date.

There is no forced entry.

Only delayed execution.

Organised Movement — The Second Stage

The theft itself is often only the first step.

Once taken, vehicles are rapidly moved through networks that may involve storage, identity alteration or export. High-value cars are rarely dismantled immediately. They are too valuable for that.

Instead, they are absorbed.

This is why recovery rates for high-end vehicles can beso low. Once the car leaves a controlled environment, it does not remain static. It moves — quickly and deliberately — beyond the point where simple tracking or identification can recover it.

What All of This Has in Common

These methods are different in execution, but they sharea common foundation.

They do not rely on defeating security systems.

They rely on working around them.

Access exists somewhere — through proximity, through the vehicle, through process or through prior interaction — and that access is exploited.

“People tend to think about security in terms of locks and alarms,” says Lee Sullivan, General Manager at Birch. “But at this level, it’s about control. If access exists, it will eventually be used.”

That is the shift.

Security is no longer about resisting intrusion.

It is about eliminating exposure.

Why Environment Matters More Than Ever

This is where most conventional approaches fall short.

A car stored at home, even in a locked garage, still exists within a predictable pattern. It is visible. It is accessible. Its location is known.

Even within commercial storage environments, inconsistency can create risk. Multiple access points, unclear responsibility,or unmanaged movement all introduce variables that do not need to exist.

Over time, those variables become opportunities.

Removing the Opportunity Entirely

At Birch, the approach is built around removing those variables.

Cars are not simply placed into storage and left within a secure-looking environment.

Access is tightly defined. Movement is controlled. Visibility is deliberately limited.

The objective is not to react to a threat.

It is to ensure the conditions required for that threat never arise.

“Once you remove uncertainty, you remove opportunity,” Sullivan says. “If everything is controlled properly, there isn’t a way in.”

That is the difference between security as a feature and security as a system.

What This Means for Owners

The evolution of theft methods changes the question owners need to ask.

It is no longer, “Is the car secure?”

It is, “Where are the gaps?”

Because the car itself is rarely the weakest point.

It is everything around it.

And as modern theft continues to move towards access, knowledge and process, that is exactly where the focus needs to be.