I think that the problem with the modern fob is that it seems to be "always on"* looking for your car so it can pair.
* I am sure that those with better understanding can explain the technical shenanigans of this.
It's a bit like that. The keys that need you to press a button just send data blindly. The first ones were always the same code, so relatively trivial to clone. Then there was rolling code, but even that has been hacked*.
The keyless ones use a low frequency (125 kHz) signal to activate the key. That is much like the technology used for credit cards etc, but can be done a much larger range because the signal does not need to power the electronics, nor does the return signal need to be sent the same way. The return signal is the 433 MHz signal that has always been used.
Extra security comes from the fact that there is random challenge in the signal from the car, and the response from the key has to contain the correct response, calculated from the challenge**. The low frequency is picked up magnetically with three coils at right angles in the key, and the range of that can be controlled quite well, so that the keys will not detect the car at a long range, so more than 5m or so.
I agree that it's a pain that they use the batteries more than they used to. Some keys demand to be powered all the time, so if the battery is removed, they will lose their coding, which strikes me a missed opportunity when EEPROM exists. I've even seen a Lithium-Ion rechargeable battery, presumable to cover battery changes in keys like that, with a small dc-dc boost converter fed from the CR2032 to charge the Lithium-Ion battery.
I suppose that there will be advantages of iThing as a key which will be happening soon.
*Microchip KeeLoq® is an example.
**
https://en.wikipedia.org/wiki/Challenge%E2%80%93response_authentication
