When electronic control units were first added to cars in the 1970s, the firmware was all in masked read-only-memory that couldn't be modified once it was fabricated. In the late 1990s, as systems became more complex, engineers began using flash memory so that firmware could be updated with bug-fixes and other changes. With most current vehicles you have to be plugged into the OBD-II diagnostic port in order to communicate with the ECUs, which are now connected over a vehicle-wide controller area network.
Now that we're starting to move into the age of connected vehicles, the risks are rapidly increasing. OnStar already has the ability to remotely slow a stolen vehicle. Ford is currently demonstrating Fiestas that can download applications and communicate with the vehicle systems to broadcast vehicle information. Without putting adequate security into vehicle ECUs, it's possible that someone could download a malicious application with the potential to disable or otherwise damage the vehicle.
[Source: PC World]