It doesn't really matter. Consider the dumbest possible encryption scheme: Car sends random 32-bit number to key. The key XORs the random number with some 32-bit number. ECU checks that the response is valid.
This is the worst possible design, and not far from what late 90's cars use. Even though it is the dumbest possible solution it still works reasonably well, because you have to have access to the key to start the car. You can clone the key in a second, but you still must get within inches of the key.
Look, your initial claim that the reporter is reasonable when saying that the protocol should be "impossible" to attack is completely unfounded. The details do matter.
For example your hypothetical protocol is grossly insecure. Keys transmit signals over dozens of feet, not inches. All an attacker would have to do to attack your hypothetical protocol would be to capture one exchange. Then he can XOR the challenge with the response to obtain the 32-bit secret, allowing him to clone the key!
Are you talking about press to unlock fobs, or proximity keys?
I was under the assumption that we are talking about proximity keys. Old ignition keys use RFID, but a broken encryption system. They are still secure because the range is a few inches. Newer cars with unlock from the pocket / push to start, use challenge based auth and strong encryption.
Click to unlock fobs use secure PRNGs. That is a separate discussion, and they are generally secure. Maybe this is what the reporter was talking about, but I assumed these cars had proximity keys. Even if this is what the reporter was talking about, they were not way off base, as this still falls in the "should be impossible" category.
This is the worst possible design, and not far from what late 90's cars use. Even though it is the dumbest possible solution it still works reasonably well, because you have to have access to the key to start the car. You can clone the key in a second, but you still must get within inches of the key.