Doesn't help against a common attack possible for all reasonably modern luxury cars (which happen also to be the most interesting targets).
For these cars it's enough that the key is near and it is considered a feature that no user interaction (like pressing a button on the keyfob) is required. This can be exploited by relaying the signal from the original key to an attacker who is near the car. Cryptography alone cannot protect against this attack scenario (which is called a "relay attack", not to be confused with a "replay attack").
>No cryptography can protect against this scenario
I remember reading about how MITM is prevented in U2F [1] by using information about the connection as part of the challenge that the authenticator has to sign. Could something similar be possible in this scenario?
To defeat the relay attack, you need tight restrictions on time-of-flight. That restricts the allowable distance between the vehicle and the actual real key fob.
There are mitigations, my point was mainly that there is more to it than a implementing a tried and proven protocol but developed for a completely different use case (like SSH). Keyless entry systems are what they are because of a complicated trade-off between convenience, reliability, security and other factors and not necessarily because all engineers at car companies are idiots.