Government Orders Removal of Apps That Could Remotely Stop Moving E-Rickshaws
Tap a highlighted term for a quick explanation.
The government has asked Apple and Google to remove at least three mobile apps after discovering they could be used to remotely shut down some electric rickshaws while they were being driven. This came to light after videos spread on social media showing people connecting to nearby e-rickshaws using Bluetooth and switching off their power systems mid-ride, putting passengers and drivers at risk.
The apps named in the directive are BAT-BMS, Lossigy, and Epoch Li-ion. At least two of these reportedly originated in China. India's IT Secretary confirmed that two of the apps had already been pulled from app stores after the issue was flagged, and said the government would also engage directly with app store companies to prevent similar risky apps from being listed in future.
To understand why this happened, it helps to know how these apps were originally meant to work. BAT-BMS, for instance, was built by a Chinese company as a legitimate diagnostic tool for lithium-ion batteries. It lets users check a battery's charge level, voltage, temperature, and overall health, and even control charging or discharging remotely over a short-range Bluetooth connection, typically within about 15 metres. Such tools are usually meant for technicians at service centres, not for random use on the street.
The real issue lies in how some low-cost e-rickshaws are built. Many use inexpensive battery management systems, often sourced cheaply from Chinese manufacturers, that lack basic security features like password protection. This means anyone within Bluetooth range carrying a compatible app could pair with the vehicle's battery and switch off its power output. Since this discharge function powers the motor, cutting it can bring a moving rickshaw to a sudden stop.
Importantly, officials clarified that this isn't an advanced or complex cyberattack. It's simply the exploitation of poor security defaults in cheap hardware. The apps themselves don't have blanket power over all electric vehicles. They only work if a vehicle's battery uses the specific type of Bluetooth-enabled system that's compatible with them.
Not every e-rickshaw is vulnerable. Many still run on older lead-acid batteries, which aren't affected by this issue at all. Some lithium-battery vehicles also use manufacturer-specific systems that these apps cannot connect to. So the risk is concentrated mainly among cheaper lithium-powered e-rickshaws with unsecured, Bluetooth-accessible battery controllers.
This episode highlights a broader worry as India's electric vehicle market grows rapidly, especially in budget segments like e-rickshaws that serve as everyday transport for millions. As more vehicles rely on connected battery technology, weak digital security in cheap components could translate into real physical safety risks on the road, not just data breaches.
Going forward, the government's engagement with app stores signals an attempt to tighten oversight of software that can interact with vehicle hardware. It may also push manufacturers of low-cost EV components to build in stronger security safeguards, such as mandatory passwords or restricted access, to prevent similar misuse in the future.
Why it matters
This case shows how gaps in basic digital security within affordable electric vehicles can create direct physical safety hazards, not just privacy risks. As India pushes for wider EV adoption, especially cheaper vehicles like e-rickshaws that millions depend on for daily transport and livelihood, this incident is a reminder that hardware and software security standards need to keep pace with rapid electrification, or vulnerable road users could pay the price.
Test yourself
1. What action did the Indian government take regarding certain apps?
2. What prompted the government's action against these apps?
3. What was BAT-BMS originally designed for?
4. Which company originally developed the BAT-BMS app?
5. What is the approximate Bluetooth range within which these apps can connect to a battery?
6. Why were some e-rickshaws vulnerable to this exploit?
7. What specifically happens when the discharge function of a battery is switched off?
8. According to officials, how sophisticated was this security breach?
9. Which type of e-rickshaw batteries are NOT affected by this issue?
10. What further step did the IT Secretary mention the government would take?
Your notes
Source: The Indian Express