Not a silly question at all. I create light shows and also sell custom USB drives that people can put light shows on. I also have a background in cyber warefare (military). While the actual files that are used in the process are relatively simple (and easy to scan) it does bring up a very good point: at the end of the day, you're downloading something from the internet or buying something from a stranger and putting it in your car's computer.
But, for those who don't know anything about the process, I'll break down a little bit of the basics. And I'll also provide my suggestions for security measures you can take to be safe.
Tesla light shows are created using a community created, open source freeware called xLights (there is also another one called Vixen, that probably has similar roots). This is a very powerful program, typically used to program house (or large scale) light shows using a variety of types of hardware. It's waaaaaaay overkill for what is needed for a Tesla light show. As an example, there are effects and transitions that you can use, if your house is covered in "smart" bulbs. None of those tools are applicable to the Tesla. The car looks for simple commands like "On, white, 100% brightness." There are a few other brightness setting that equate to fading up or down certain lights (that have the capability) and controlling things like the windows, hatch, FWDs, etc. But it's still a simple "on" command with a specific brightness setting.
Once all the commands are put on the timeline (kind of like editing a video) you then save the show to a file with a .FSEQ extension. These are known as Falcon Player files, as they were originally intended to be used for your home light show in various light controllers. (If you're intersted about the specifics of what's in the file, you can see this:
GitHub - Cryptkeeper/fseq-file-format: Reverse engineered documentation of the Falcon sequence version 2 (FSEQ) file format.). Also, since xLights is open source, you could actually go read the code and see what they're writing out to the file, if you know what to look for (I don't). This .FSEQ is also accompanied by the audio file (the song) that it is synchronized with.
So, back to the original question: would it be easy for someone to put some malicious code into one of these files (the FSEQ or the MP3/WAV audio file)? Probably not "easy" but certainly possible if they were motivated to do so, and had the know-how. I'm not an expert at the Tesla's firmware, but my understanding is that there are firewalls in place to separate any primary control functions (accelerator, steering, etc.) from the "entertainment" area. Lights and windows probably fall somewhere in the middle, but still on the "entertainment" side. These items are typically found running on a bus system in modern cars. When you turn on the lights, you actually just send data to the light saying, "turn on." Not changing the power to the device. So, I honestly don't think they'd get very far in the Tesla internal software. AGAIN--not an expert at this. And I've seen the videos of people "hacking" a Tesla.. it usually involves hard wiring into an ethernet port in the car to gain access to the root of the system. Different from what a USB drive can access.
So, the chance of your light show containing malicious code is probably about the same as the MP3 or WAV file having malicious code. Best to scan anything you get from the internet, even if it's from a known/trusted source. A good (and free) site is
VirusTotal where you can either upload the file, or even point to the URL of the file before you download it. It will scan it with 60+ different tools (see attached example) to look for anything fishy.
And if you buy a USB drive with a pre-loaded light show from someone, you should definitely scan it (preferably sandboxed) before putting it in your car. This would apply to any device that's not straight from the store/factory (and even then, sometimes.. you sure that Bestbuy USB drive was "new new"?).
TLDR: Yes, it's possible to have a "virus" in a lightshow file or on a lightshow USB drive.. but just as possible as virtually any other file you download or use off of the internet. Practice good cyber security by always scanning them prior to use.
