Here’s how I understand the issue:
A keyfob is a radio Transmitter. To unlock your car you need the radio transmission to reach the car. The keyfob doesn’t transmit a signal when at rest. Therefore putting a keyfob in a Faraday bag achieves nothing.
The fob doesn’t turn off.
The car is always calling out for a response and the key “hears” the call and responds with their agreed upon codeword.
A faraday is like plugging the key’s ears and putting a gag in its mouth. It can’t hear or say anything.
… Which means that if the hacker is near you when you park - there is a time period where the fob isn’t masked by the bag, because it is coming out of the ignition, and voulaa - you can record the key’s pong of the car’s ping, retransmit, and get in. Correct?
This would be easily mitigated by the keyfob using a rolling code. The attacker can record the signal, so the car will also have received it. A replay of that specific code won’t work again. That is a principle used in cheap garage door fobs for many years. So I guess keyless fobs would have at least that level of security.
Better would be a cryptographic encryption using public/private key (already done in chip cards, so common technology). Though - looking at the dumb things car manufacturers did - I wouldn’t be surprised if they didn’t use private/public keys for this.
voilà
That is a possibility if you aren’t normally keeping it in the bag unless being needed in the moment.
It is far more common for the attempted theft to occur late at night because thieves avoid greater risk.
Modern fobs should be designed to prevent replay attacks (there should be something specific in the request that alters the response), so it shouldn’t be possible to record a response and then use it later.