Here’s how I understand the issue:
A keyfob is a radio transmitter. To unlock your car you need the radio transmission to reach the car. The keyfob doesn’t transmit a signal when at rest. Therefore putting a keyfob in a Faraday bag achieves nothing.
The fob doesn’t turn off.
The car is always calling out for a response and the key “hears” the call and responds with their agreed-upon codeword.
A Faraday is like plugging the key’s ears and putting a gag in its mouth. It can’t hear or say anything.
… Which means that if the hacker is near you when you park - there is a time period where the fob isn’t masked by the bag, because it is coming out of the ignition, and voilà - you can record the key’s pong of the car’s ping, retransmit, and get in. Correct?
This would be easily mitigated by the keyfob using a rolling code. The attacker can record the signal, so the car will also have received it. A replay of that specific code won’t work again. That is a principle used in cheap garage door fobs for many years. So I guess keyless fobs would have at least that level of security.
Better would be a cryptographic encryption using public/private key (already done in chip cards, so common technology). Though - looking at the dumb things car manufacturers did - I wouldn’t be surprised if they didn’t use private/public keys for this.
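The rolling-code principle mentioned above, as an added example that is not part of the original posts: a receiver that accepts each code once and only within a small look-ahead window. The HMAC-SHA256 construction, the 16-byte frame layout, the `WINDOW` size and all names are assumptions for illustration, not any manufacturer's scheme.

```python
import hashlib
import hmac

WINDOW = 16  # assumed: how many missed button presses the receiver tolerates


def code_for(key: bytes, counter: int) -> bytes:
    """One-time code for a counter value: HMAC-SHA256 truncated to 8 bytes."""
    return hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()[:8]


class Fob:
    def __init__(self, key: bytes, counter: int = 0):
        self.key, self.counter = key, counter

    def press(self) -> bytes:
        """Advance the counter and emit frame = counter || code."""
        self.counter += 1
        return self.counter.to_bytes(8, "big") + code_for(self.key, self.counter)


class Receiver:
    def __init__(self, key: bytes, last: int = 0):
        self.key, self.last = key, last

    def accept(self, frame: bytes) -> bool:
        if len(frame) != 16:
            return False
        counter = int.from_bytes(frame[:8], "big")
        # Authenticate first, in constant time, then enforce freshness.
        if not hmac.compare_digest(frame[8:], code_for(self.key, counter)):
            return False
        if not (self.last < counter <= self.last + WINDOW):
            return False  # already used, or too far ahead to resynchronise
        self.last = counter  # every counter up to this one is now dead
        return True


def demo() -> dict:
    key = bytes(range(32))  # constructed sample key
    fob, car = Fob(key), Receiver(key)
    first = fob.press()
    out = {"first_use": car.accept(first), "replay": car.accept(first)}
    for _ in range(3):
        fob.press()  # presses made out of radio range
    out["after_missed_presses"] = car.accept(fob.press())
    frame = bytearray(fob.press())
    frame[-1] ^= 0x01  # corrupt one bit of the code
    out["tampered"] = car.accept(bytes(frame))
    out["beyond_window"] = car.accept(Fob(key, counter=1000).press())
    return out


if __name__ == "__main__":
    print(demo())
```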