Centre Removes Apps Following Reports of Remote E-Rickshaw Shutdowns
The Indian government has taken decisive action by removing two smartphone applications from major app stores after reports surfaced that they could be used to remotely disable e-rickshaws. This move follows growing concerns regarding cybersecurity vulnerabilities in internet-connected vehicle management systems used across the country.
The Cybersecurity Breach: How E-Rickshaws Are Being Targeted
The controversy erupted after viral social media videos demonstrated how certain applications could render e-rickshaws inoperable mid-journey. IT Secretary S Krishnan confirmed during a CII Cybersecurity Summit that action was taken after the government identified specific apps, including the Chinese-origin "BAT-BMS" application, as potential threats.
The mechanism behind this disruption involves the exploitation of Bluetooth connectivity. Preliminary findings suggest that the application allows users to wirelessly connect to Bluetooth-enabled lithium batteries within a limited range. While the app is ostensibly designed to monitor battery parameters such as voltage and temperature, it has reportedly been misused to switch off the battery's discharge function, effectively stranding drivers on the road.
Vulnerabilities in Chinese-Manufactured Battery Systems
A critical factor in this security lapse is the hardware being used in India's budget electric vehicle segment. Many e-rickshaws are equipped with Battery Management Systems (BMS) manufactured by Chinese firms, such as Shenzhen Grenergy Technology.
Officials have pointed out that these budget-friendly systems often lack essential security features, including robust password protection or user authentication. This lack of "digital locking" makes it possible for any nearby individual with the right app to connect to the battery via Bluetooth and manipulate its power output. In some instances, drivers have even reported being forced to pay strangers to help restart their vehicles after being targeted by these remote shutdowns.
Government Mandates Greater Scrutiny for App Stores
In response to this incident, the central government is shifting the responsibility toward platform providers. IT Secretary Krishnan emphasized that app stores must exercise greater due diligence and scrutiny before hosting applications on their platforms. The government intends to engage with app store operators to ensure that potentially harmful or exploitative software is identified and blocked before it can reach the public.
Simultaneously, the Delhi government has mobilized its transport department to investigate the authenticity of the BAT-BMS app and its ability to disrupt vehicle operations through Bluetooth. While no formal written complaints had been filed at the time of the initial probe, the transport ministry has directed officials to examine the matter thoroughly to protect the livelihoods of e-rickshaw operators.
Key Takeaways
- Immediate Action Taken: The government has successfully removed two apps, including the Chinese-made BAT-BMS, from app stores to prevent further remote tampering of vehicles.
- Hardware Vulnerability: The issue stems from unsecured, Bluetooth-enabled Chinese-manufactured Battery Management Systems (BMS) that lack password protection and authentication.
- Stricter Oversight: The IT Ministry is pushing app stores to implement more rigorous screening processes to prevent the distribution of applications that pose cybersecurity risks to vehicle owners.
