Not sure if it was the case here, but apparently some cars can unlock automatically if the key is nearby.
To hack this, you only need a sensitive receiver that can retransmit the signal from the key, and you need two people, on in proximity to the key, and another nearby the car when it unlocks.
That's not really the case. Some of them unlock via low frequency RF, but to my knowledge they still use encryption that uses their button click count as one of the variables plus a shared secret.
Yes, but the point of this scheme is that the car "believes" the key is in close range. If that is enough to get it to open the car, the thieves don't have to break any encryption, they just need to relay the RF signal. The faulty assumption on the part of the car manufacturers is that "RF signal present" equals "keyfob nearby".
No system I've been exposed to was defeated by a simple replay attack. You needed the shared secret and the click count (plus proprietary algorithm), which would be incorporated into the OTA message. Most LF systems are pretty low-bandwidth as well, and lock out quite quickly.
