Nuuki

Everything posted by Nuuki

  1. They do in fact use different frequencies. The car emits a low frequency signal in the region of 120 to 135 kHz - much like RFID uses. The fob then has a UHF transmitter (315 or 433 MHz) to give you the range to pop the boot or unlock it from range. I'm not sure that detail really helps us much, but it may be interesting for those so inclined, and I guess can help understand how certain mitigations might work.
  2. It's been a while since I read up on this issue in detail, but I thought I'd share some specifics as it does factor into some of the assumptions I'm seeing in the comments.

     Firstly, exploiting this weakness doesn't require cloning fobs or decrypting anything - it's actually a very simple attack that, now known, requires zero technical knowledge and involves a cheap piece of easily acquired equipment.

     In normal use, when you touch the handle, the car will send out a low frequency radio "ping". This only has the power to reach a short distance (say a metre), which is fine when the key is in your pocket. The fob receives the ping and responds by sending the unlock signal with its own, high frequency antenna. The car unlocks as intended.

     The issue is that while the car's ping is only *intended* to be low range, there's nothing to ensure that's the case. A simple amplifier that's within range can receive the ping and amplify it out to a much longer range - enough to be picked up by your key inside the house. The problem then is that the fob's unlock signal isn't similarly constrained - it's intended to be longer range to allow you to unlock your car from some distance using a button on the fob. The upshot is that by wandering up to a car holding a bag containing the small amplifier, a thief can simply touch the handle, the car's ping will be amplified sufficiently to reach your house, and if the fob is close enough for the car to receive the unlock signal, it'll open. No messing around, no fuss.

     A misconception, and one that's perhaps particularly important on this forum, is that thieves aren't necessarily out to steal the car. It's a lot easier and lower risk simply to take belongings - they can be in and out in 10 seconds and no-one will be any the wiser, allowing them to go down a whole street easily enough. That may yield a lot less than stealing and selling a car, but doing so involves a whole lot more risk, as well as the necessary know-how to sell it on, so if you're a small-time thief, which approach are you going to take? In that regard owning a less prestige car isn't going to keep you safe. Of course not leaving valuables in the car in the first place is a good idea, but that's not always possible.

     Evidence of the widespread use of this vulnerability had taken some time to build. It's very easy to put this down to the owner simply forgetting to lock their car, and it's only by seeing the pattern that's emerged, combined with the proven vulnerability of these systems, that we can see that such attacks are not uncommon - given how easy they are, why would we expect otherwise?

     The proper fix for this is for the system to more accurately measure the distance between the car and the key, rather than assuming it's within the low range of the radio signal. They can do this by accurately measuring the time it takes for the fob to receive the signal from the car - as this is fixed based on the speed of light it provides a pretty foolproof way to know they're close. In the meantime turning off keyless entry entirely, or storing the key out of range or in a Faraday bag is sensible.

     I should add that NFC-based contactless payment systems suffer from similar issues. It's true it's not likely that anyone is going to deliberately try to spoof a payment as it would be pretty obvious with you standing there, but there are plenty of reports of payments going to cards that were way beyond the 2 inches it's supposed to work to, again because radio waves are subject to anomalies in how they propagate based on numerous factors, and not only power levels.

     Sorry for the long post, but thought some might find the details interesting.
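An added example, not part of Nuuki's post or any manufacturer's code: a small Python model contrasting the "fob heard the ping" unlock rule with the time-of-flight check the post describes as the proper fix. Every range, delay and threshold is a constructed assumption, and the car is assumed to time the full ping-to-reply round trip.

```python
# Constructed model: all constants are illustrative assumptions, not measurements.
C = 299_792_458.0           # speed of light in m/s
LF_RANGE_M = 1.0            # assumed intended reach of the car's LF ping
UHF_RANGE_M = 50.0          # assumed reach of the fob's UHF reply
MAX_DISTANCE_M = 2.0        # assumed unlock radius for the timing check
FOB_TURNAROUND_S = 100e-9   # assumed fixed, known fob reply delay


def range_only_unlock(fob_distance_m, ping_amplified):
    """Rule the post criticises: unlock if the fob heard the ping and the
    car heard the reply. Amplifying the ping removes the distance limit."""
    fob_hears_ping = ping_amplified or fob_distance_m <= LF_RANGE_M
    car_hears_reply = fob_distance_m <= UHF_RANGE_M
    return fob_hears_ping and car_hears_reply


def round_trip_time(fob_distance_m, extra_delay_s=0.0):
    """Ping-to-reply time seen by the car. Amplification can add delay,
    but it can never make the radio path shorter than it is."""
    return 2 * fob_distance_m / C + FOB_TURNAROUND_S + extra_delay_s


def distance_bound(rtt_s):
    """Upper bound on the fob's distance implied by a measured round trip."""
    return max(0.0, (rtt_s - FOB_TURNAROUND_S) * C / 2)


def tof_unlock(rtt_s):
    """Timing rule: unlock only if the bound is inside the allowed radius.
    Assumes the reply is tied to a fresh challenge so it cannot be sent early."""
    return distance_bound(rtt_s) <= MAX_DISTANCE_M


if __name__ == "__main__":
    # (label, fob distance in m, ping amplified?, extra delay in s)
    scenarios = [
        ("key in pocket", 0.8, False, 0.0),
        ("key indoors", 15.0, False, 0.0),
        ("key indoors, ping amplified", 15.0, True, 50e-9),
    ]
    for label, dist, amplified, delay in scenarios:
        rtt = round_trip_time(dist, delay)
        print(f"{label:28s} range-only={range_only_unlock(dist, amplified)!s:5s} "
              f"bound={distance_bound(rtt):6.2f} m  timing={tof_unlock(rtt)}")
```

In this model the amplified case still fails the timing rule with zero added delay, because the round trip covers the real distance to the fob.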