The description I saw of the amplifier attack said that the attacker put an amplifier near the car. This amplified the car's weak signal so it could reach the fob, which would then respond. The attacker does not have any equipment near the fob (and may not even know where it is).

If the car then did an ultrasonic distance check by emitting a coded ultrasonic signal that the fob had to receive, and then relay the code back to open the door, I don't see how the attacker would spoof that. Even if he has an ultrasonic microphone near the car, and an ultrasonic transmitter somewhere else, with a radio link to tell the transmitter what the send...how does he place the transmitter so that your fob will hear it?

If the attack is targeted against a specific individual, where the attacker knows both where the car is parked and where the individual is when away from the car, and the attacker can place equipment at both locations, then yes, I see that the attacker can get around ultrasonic distance measurement.

But for the most common case, where the attacker is at the car and has no idea where the owner is, it seems workable to me.