unless at least one party knows who it's supposed to be talking to & can independently verify the other party's identity and the integrity of key-exchange traffic supposedly taking place with it,
For short-range communications between devices operated by human beings, this isn't as hard as one might think.
Let's say I want my cell phone to communicate with a kiosk at McDonald's, without having to rely on the phone network to do the authentication.
Behind the counter, McDonalds has a poster-sized, easy-to-photograph representation of the kiosk's public key.
Now to exchange keys, I walk up to the kiosk and press a button. It puts a random picture on the screen. My phone takes a picture of it, combines it with a random picture I create, my public key, and a suggested random private key, then it encrypts it with the kiosk's public key. My phone tells me to turn it towards the kiosks's camera. It displays the random picture the kiosk created for a few seconds, then the random picture I created for a few seconds, then a pictorial representation of my public key for a few seconds, then a pictorial representation of the entire encrypted message for a few seconds. After all of this is done my phone tells me to flip it around again. The kiosk sends me new shared key that is based on the suggested shared key that I sent to it, but this time it is encrypted with my public key.
Now we can talk and I can place my order and provide my credit card information securely.
This all works because I got the Kiosk's public key from a trusted, independent source - the sign behind the counter that some human being put up and which the McDonald's employees would've noticed if it had changed recently (e.g. if a hacker had replaced the real sign with his own fake one and concurrently replaced the kiosk's public key with one he controlled).
By the way, this is a hypothetical example - there are easier ways to buy burgers than to spend half a minute or more playing "can we trust each other" with a kiosk.
Can this method be defeated? Yes - but you defeat it by removing the assumption that the McDonald's employees are paying attention to their surroundings for any suspicious changes and the assumption that the McDonald's employees are loyal enough to their employer to not "look the other way" if they notice a change or worse, collude with each other to BE the "man in the middle." But at this point, it's no different than walking into a bank and dealing with a crooked bank teller.