The increasing interconnectivity in modern cars has been concerning for security professionals, especially now that the ECU (Engine Control Unit) of the car can be re-programed remotely, as car most of the other computers in the car (like say, the GPU built into it, the door locks, etc.).

Now security researchers have found a way to attack the stereo systems in some modern cars, using a music track.  For the first time, downloading an mp3 can actually cause a virus infection!

"Researchers at the University of California, San Diego, and the University of Washington have spent the past two years combing through the myriad computer systems in late-model cars, looking for security flaws and developing ways to misuse them. In a new paper, they say they've identified a handful of ways a hacker could break into a car, including attacks over the car's Bluetooth and cellular network systems, or through malicious software in the diagnostic tools used in automotive repair shops.

But their most interesting attack focused on the car stereo. By adding extra code to a digital music file, they were able to turn a song burned to CD into a Trojan horse. When played on the car's stereo, this song could alter the firmware of the car's stereo system, giving attackers an entry point to change other components on the car. This type of attack could be spread on file-sharing networks without arousing suspicion, they believe. "It's hard to think of something more innocuous than a song," said Stefan Savage, a professor at the University of California."

Source: IT World