BYD Atto3 Authentication Key Brute Force Vulnerability Allowing Unauthorized ECU Flashing

Vulnerability

A vulnerability in the BYD Atto3 allows attackers to obtain an authentication key through a brute force attack. This key is permanently available and can be used to flash the Electronic Parking Brake (EPB) and Supplemental Restoration System (SRS) related Electronic Control Units (ECUs).

Impact

Exploitation of this vulnerability allows for unauthorized flashing of critical ECUs, potentially leading to unauthorized changes in vehicle functionality or safety systems.

Added: May 19, 2026, 8:05 PM
Updated: May 19, 2026, 8:05 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 3.3
remediation: 0.0
relevance: 8.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.