I think that this kind of tech is just fundamentally insecure. I can't think of a way to secure it, at least not against gaining entry to the vehicle. And making it secure against driving away (by requiring it to continue to respond to changing cryptographic pings as you drive) opens the door to people being able to use jammers to disable your vehicle remotely. Maybe if they have a special Faraday cage place that you put your fob into, but at that point why not just use a key? Or just require a button press like the key fobs have for decades.
Oh and depending on the latency allowances for responding to pings, it might just be possible to leave a device in the vicinity of the key and relay it over the internet, so even that just increases the difficulty of defeating it a bit.
Same thing also applies to wireless keycards for secure entry, though I think the range for those is generally lower, so it would be more difficult to pull off.
The only thing I can think of is having incredibly tight timing on a challenge/response. With ~10 nanosecond level precision, it's not physically possible for em waves to travel more a few meters before the time is up.
Potentially better idea, add a gyroscope to the key fob, and stop broadcasting after the fob is perfectly still for some threshold. That way when you set it down inside it can’t be relayed, but if it’s in your pocket, it won’t remain perfectly still, and will start transmitting. Could also add an IR blaster to detect if you set it down in the car. Battery life would start to become a bigger issue, but I think solutions to these problems could be engineered.
Problem with that is that it really only covers the keys sitting on a nightstand situation. You could still get your car stolen while you're shopping or in a restaurant.
Relaying a key signal 20 ft when you know the key is there isn’t too tricky, like when you’re home. But I would propose that trying to relay a signal across hundreds of feet, like a busy mall or store, when you’re not even sure the owner is there is quite another thing. You can also require that the IR blaster is in the car before starting. There’s also a technology Google has been using for a while now where the device (car) would emit a constant ultrasonic signal for the other device (key) to pick up on to determine if they are close to each other. Something that could be done through clothing, but not easily relayed.
Might as well have a push button instead. Having it work from your pocket without interaction is what makes a fob different and should be a design requirement.
How about just having a button on a fob/phone which initiates comms, like in the good old days. You can't relay the signal if there isn't one till you press the button. But that isn't sexy and it's too similar to traditional cars, so they won't do it.