As far as my limited understanding goes using the the key fob for remote central locking does not expose any risk, instead its the immobiliser part, so manually opening your door with the physical key provides no extra safety, its when the key is present near the ignition barrel, thats where the immobiliser kicks in and where this venerability exists
From what I understand, they have to capture two uses of the key fob to be able to brute force, so if you don't use it then they can't capture anything. Or they just captured two uses from a random car and now it'll work on any car. I wish the article went into more detail.
They captured 2 uses of the RFID-based immobilizer. That gets used every time you start the car, regardless of how you unlocked the car. It's completely separate from the UHF-based keyless entry system which you use to unlock the car.
The paper makes this distinction in the first paragraph, but of course the article fails to distinguish.
As bri3d has mentioned, I think you are confused because the key actually has three independent functions and you need to make the distinction between them all.
- Remote central locking via UHF
- Immobiliser authentication via RFID (this is what is vulnerable)
- Key for the ignition barrel or manual unlocking of doors
