By the time Ian Fogg’s stolen Kia was pinging its location back to Lithuania, while Kia’s own connected app refused to tell him where the car actually was, the more interesting question, from an insurance investigations perspective, had already been answered on his own driveway: How did the thieves get in?

The BBC’s reporting this week focuses on what happens after the theft: the limits of connected apps, the 24- to 48-hour lag on manufacturer location responses, and Thatcham Research’s warning of a “genuine and growing gap” between what drivers expect these features to do and what they actually do. It’s worth reading in full.

BBC News: Don’t expect connected car apps to save your stolen car, experts say.

From where we sit at DLB, however, the more urgent question, and the one insurers should be asking, is: what is happening in the sixty seconds before it was stolen?

 

The thirty-second entry

In our casework, the pattern is now remarkably consistent.

The overwhelming majority of vehicle thefts we handle involve no forced entry, no broken glass, no alarm activation and no key. Instead, the vehicle is tricked, by a small, cheap, increasingly accessible device, into believing that the legitimate keyholder is standing beside it. The doors unlock. The push-button start authorises. The vehicle drives away. Start to finish, we routinely see events on doorbell and CCTV footage that are complete inside a minute, often inside thirty seconds.

The methods vary. Signal relay attacks, in which the key fob’s radio signal is captured through the front door of the house and amplified to the vehicle on the driveway, remain the most common technique. Emulator devices (much more common nowadays), plugged into an accessible module through a headlight assembly, wing mirror or grille, inject the commands the vehicle expects to see from an authorised key. Both are trivially available to those who want such devices. Both leave almost no forensic signature at the scene.

The Crime and Policing Act 2026, which received Royal Assent on 29 April, criminalises the possession and distribution of these devices for the first time and flips the burden of proof onto anyone found holding one. A genuinely important step, but the practical availability of the devices themselves, judged from cases coming across our desks, appears entirely undiminished. Government figures put electronic-device involvement in around 40% of UK vehicle thefts, rising to roughly 60% in London.

The brand pattern in our casework is also strikingly consistent. Kia EV6 and e-Niro sit at the top of the list, alongside a recurring set of Lexus, Toyota and Honda models. This mirrors what many claims teams will already be seeing in their own frequency data.

 

What happens next

Once inside the vehicle, the sequence Fogg experienced becomes standard.

The connected app is severed, in his case, through an unsecured entertainment-system process that allows a “new owner” to take over the vehicle without authenticating with the previous one. The manufacturer’s live location goes dark. Where an aftermarket tracker is fitted, it is either jammed outright or, increasingly in our experience, allowed to keep transmitting from a spoofed location, routing recovery agents to the wrong county while the vehicle itself is already on a lorry heading for a port.

What is less often said is how effectively these pieces now chain together. Entry in under a minute. App severed within a few more. Tracker either silenced or giving false information by the time the vehicle is off the driveway. Fogg’s 24- to 48-hour lag on Kia Connect responses arrives long after any realistic recovery window has closed.

 

Implications for claims teams

Absence of forced entry is no longer a meaningful fraud marker. Historically, a theft claim with no sign of forced entry drew heightened scrutiny. In the current environment, no forced entry is the norm for a legitimate high-value theft. Handlers leaning on that signal alone will misjudge indemnity in both directions.

Manufacturer-connected apps cannot be treated as security tools. Kia’s own words to the BBC are unambiguous: “a customer convenience feature, not a certified security vehicle tracker.” The same disclaimer sits, in different words, behind most connected services sold in the UK and EU. Customer expectation and product capability are misaligned, and that expectation lands on the insurer.

Digital evidence needs corroboration, not adoption. Where the log is silent, it tells you nothing. Where the log is telling a plausible story, that plausibility is now something to verify, not a foundation to build on.

 

Where the discipline needs to go

None of this argues against the technology. It argues for treating every digital signal, whether manufacturer app, aftermarket tracker or telematics record, as one input, corroborated against physical evidence, doorbell footage, witness accounts and behavioural indicators. The connected car was sold to the market as the end of vehicle theft. It hasn’t been. It has moved the game onto ground that the industry – insurers and manufacturers alike – are still learning to read.

If your team is seeing similar patterns in theft-related or suspicious-loss claims, we would welcome the conversation.

©2026 DLB Investigations Ltd.

DLB Investigations provides early claims intelligence services to motor insurers through RTC helping claims teams make better-informed decisions from the earliest stage of the claims lifecycle. If this resonates with challenges your team is navigating, I’d welcome a conversation.

David Booker M.A