> Wouldn’t you need to have a device actively running within a few feet of the vehicle to run such an attack?

Nope. Just a high-gain antenna.

> Couldn’t the car start blaring an alarm or something in that case?

It could. But that might not help.

For example: you're driving your Mazerati down the road when it suddenly stops and the alarm goes off. The next day you get a letter saying, "If you don't want yesterday's little incident to become a regular event, send BTC500 to the following address...."

If the car responds to RFID keys at all when driving, that is a flaw.

If I get out of my car with the engine still running it starts beeping. I don't know if it will actually turn the engine off, but it obviously knows that the key has departed the vehicle.

Or it detected your bum leaving its seat.

My car also beeps when it detects that the key has left the car. The engine keeps running, but you obviously cannot turn it on again once you turn it off.

I had it happen without me leaving the seat (e.g. my wife has the keys in her bag/pocket, I had been driving, and she gets off the car to unarm the home alarm). The car is turned on by pressing a button, not by turning the key.

That seems like a reasonable setup. I'm having difficulty imagining how that could be hacked into the blackmail situation described above, since the sure way to avoid the beep is to keep the fob in the car.

No, because if I toss the key into the seat it stops beeping even if I'm not there.

..plus a high-gain antenna, and suddenly you have an attack that sets off every car alarm in the city at once.