Re:Even easier
Maybe a simple resistor pack works on cars in some parts of the world, not sure it'd work elsewhere.
Although it's a while since I've looked at them, as I remember it the only accessible cables on most current models were the feeds to the transponder induction coil from the PCM, and the basic power switching and control lines from the ignition switch.
Given these wires, you could get the electrics turned on (i.e. 'Key On, Engine Off') but not much else, unless you managed to get the transponder code into the PCM nothing much more would happen. And a simple resistor pack is unlikely to help with this.
The PCM won't do anything much until the key code is correct, and quite likely some ancillary components will get in the way too e.g. the ignition pack and instrument cluster may also do a code check before the system will work. Given that very little now works directly from the controls, but rather is driven via software in the power or body control modules, it's quite simple to completely cripple the vehicle if a transponder key code isn't provided.
While this sort of brute force attack is relatively interesting, the real world impact is zero. Real criminals will just steal your keys and use them, rather than wasting an hour to try to get data that will take a day or two of processing on a cluster to be useful.
Bear in mind we're talking about very low range transponder modules here so the possible attack range is minimal, probably 50cm max with modified equipment. Remote locking systems have a longer range but are a separate system and being a transmitter in the key (the bit with the battery) rather than a transponder (the small plastic or glass capsule in the key) can't be remotely probed for data.
There are all sort of methods out there for triggering the central locking system, and disabling the alarm system - usually down to poor design e.g. ways to zap the system via accessible wires, or using a firm kick in the right place to bounce relays, or even a false crash signal from the airbag system - but actually *starting* the car is a separate problem and generally much harder (if not impossible) to do without a properly coded key.
As far as I can tell this attack is against the remote locking rolling code system. Apart from (as mentioned) there already being ways of working around this bit, given that the part in the key is only a transmitter you'd need actual physical access to the key to push the button(s) repeatedly to get the source data. Not exactly practical! There's also the small matter of the *rolling code* aspect; unless you get the keys correct *and* manage to synchronise the codes, it won't be much use - even a real key can become useless if the synchronisation drifts too far, until you trigger a resync.
Anyway, it's all nice and good but I suspect more of academic interest rather than a practical concern.