Centre Bans Apps After Reports of Remote E-Rickshaw Shutdowns
The Indian government has taken decisive action by removing two smartphone applications from major app stores following alarming reports of e-rickshaws being remotely disabled. This crackdown follows growing cybersecurity concerns regarding the vulnerability of internet-connected vehicle management systems used in the country's massive electric vehicle sector.
The BAT-BMS Controversy and Remote Disruption
The controversy erupted after viral social media videos surfaced, showing individuals using an application called BAT-BMS to remotely shut down e-rickshaws. The app, developed by Shenzhen Grenergy Technology in China, was originally designed as a legitimate tool for monitoring battery health, including parameters like voltage and temperature.
However, the application's remote control capabilities have been exploited to disrupt vehicle operations. By connecting via Bluetooth to compatible lithium batteries, unauthorized users have been able to switch off the battery's discharge function, effectively stranding drivers in the middle of roads. Some drivers even reported having to pay strangers to help restart their vehicles after being targeted by these digital shutdowns.
Vulnerabilities in Chinese-Manufactured BMS
The incident has highlighted a critical security flaw in India's budget e-rickshaw segment. Preliminary findings from government officials suggest that many e-rickshaws in India utilize Chinese-manufactured Battery Management Systems (BMS) that lack essential security features.
These systems often operate without password protection or robust authentication protocols. Because the BAT-BMS app allows users to wirelessly connect to Bluetooth-enabled lithium batteries within a limited range, the lack of security makes it easy for anyone in close proximity to intercept the signal and disable the power output. This vulnerability transforms a diagnostic tool into a potential weapon for digital harassment and theft.
Government Response and Demands for Scrutiny
IT Secretary S Krishnan confirmed the removal of the apps during a CII Cybersecurity Summit, stating that the government had taken action immediately after the issue came to light. Beyond the removal of the specific apps, the Centre is now calling for greater accountability from global app store providers.
Krishnan emphasized that app stores must exercise much higher levels of due diligence and scrutiny before hosting applications on their platforms. The government intends to take up the matter with these providers to ensure that potentially harmful or exploitable software is not made available to the public. Meanwhile, the Delhi government's transport department has been tasked with investigating the authenticity of the BAT-BMS application and its specific Bluetooth-based vulnerabilities.
Key Takeaways
- Immediate Action: The Indian government has removed two apps, including the Chinese-developed BAT-BMS, from app stores to prevent further remote disabling of e-rickshaws.
- Security Flaw: Many budget e-rickshaws use unsecured Chinese-manufactured Battery Management Systems (BMS) that lack password protection, making them vulnerable to Bluetooth-based attacks.
- Regulatory Push: The Centre is demanding stricter scrutiny and due diligence from app store platforms to prevent the distribution of harmful or exploitable applications.
