There is an interesting article in Wired about how the rolling codes that secure our cars can be compromised. What caught my eye is that Lotus was specifically tested and confirmed to be vulnerable to this exploit.
Yeah, there's really no incentive to steal a Lotus. You can't go fence it at Bob's Chop Shop and you can't sell it into some villainous collector's car warehouse.
This attack is a really obvious attack against any kind of one-way security system without a clock in both ends. Since the receiver has no way to know how many codes ahead the key is, anytime you can observe a code from the key without the receiver knowing (either by jamming or just getting the target to use the fob while it's out of range), you're golden.
I can't really blame Lotus or Cobra too much for using that system - when these cars came out, it was pretty rare to have anything more advanced. Clocks are power-hungry and unreliable, and the other solution (public key encryption) requires two-way radio communication, which is hard because there's very little to no room for a receive antenna in the remote fob.
I'm still liking my 20 year old totally unconnected cars with only physical keys that operate the doors and ignition. No alarm system or immobilizer and no hackable entertainment system / CANBUS portal.
I should expand on my sarcastic comment. I do think the Cobra alarm/immobilizer is crap. I would prefer if it had no alarm/immobilizer. Like Glen I prefer my cars to not be connected. Just a car for the pleasure of driving. The whole infotainment should stay at home, it is all too distracting in a car.
I suspect Lotus had to put an alarm/immobilizer in the car for some markets and for insurance reasons.