Do car makers really have good incentives to fix their security?
Not really, since they can sell a new car paid by the insurance company when someones car gets stolen. The only downside is negative reporting - but that can be fixed by massive ad-campaigns; just look at VAG, they are running ads like crazy in Europe right now, but they have dropped their tag-line "vorsprung durch technik" (lead by technology). I guess they don't want to use the new and improved tag-line "vorsprung durch betrug" (lead by cheating).
The whole wireless key fob thing is a pure convenience thing that when it fails becomes extremely inconvenient because convenience is security's biggest enemy. I can't understand that people would accept that their car have no physical security to speak of since it is quite a huge investment for many people.
The only mitigation I can think of if you still want the convenience of a wholly wireless key fob is that they introduce a check for max latency for the key-challenge response which is like 27 picoseconds(?) for a 4 meter radius not including the electronics internal response time. This means of course that the timing of the key exchange must be wholly deterministic.