@Sign It!

I doubt it - if you have say a 16-digit car ID and 2 digits of possible commands, you still have space for a lot of authentication code.

Even if you only had 4 alpha-numeric characters for authentication that is 14 million permutations. If based on a strong underlying system and only taking a limited hash/truncation of the signature, you will be waiting a long time to brute-force with approx 7 million SMS.

I suspect it is the usual combination of cryptographic incompetence and lack of formal review/testing/verification of the system before it was implemented and rolled out. Having a not-as-commonly-hacked communication system is no excuse for a lack of proper encryption/authentication.

But as others have pointed out, WTF is this needed for in a car anyway? I prefer a manual switch for the ignition, as I know enough about machines not to trust them.