One look at the basic CAN architecture diagram and you see the problem. There's no reason for a secure key exchange to be on the same network path as every other device. Wrapping it in magic crypto sauce is not a permanent fix, because someone will just find a novel way to defeat the cryptosystem, like they always have.
If a thief wants to steal the car, make it harder. There should be one physical path from the key system to the ECU that allows key operations, and it should be protected by a really annoying and time-consuming process so that theft is so annoying that most people won't ever try it. After that is done, they can start sprinkling it with magic crypto sauce. (It's also very hard to get magic crypto sauce right; unless you hire the few really talented crypto people, whoever you hire to write crypto will make mistakes, and a hacker has unlimited time to find one)
Obviously existing car models won't be changed, but future ones should be. Car theft isn't just an inconvenience for the owner; it makes committing other crimes easier and harder to trace, results in more property damage, increases the black market for chopped cars, increases insurance premiums, etc.
If a thief wants to steal the car, make it harder. There should be one physical path from the key system to the ECU that allows key operations, and it should be protected by a really annoying and time-consuming process so that theft is so annoying that most people won't ever try it. After that is done, they can start sprinkling it with magic crypto sauce. (It's also very hard to get magic crypto sauce right; unless you hire the few really talented crypto people, whoever you hire to write crypto will make mistakes, and a hacker has unlimited time to find one)
Obviously existing car models won't be changed, but future ones should be. Car theft isn't just an inconvenience for the owner; it makes committing other crimes easier and harder to trace, results in more property damage, increases the black market for chopped cars, increases insurance premiums, etc.