Centre Removes Apps Linked to Remote E-Rickshaw Shutdown Risks

The Indian government has taken decisive action by removing two smartphone applications from major app stores following alarming reports of remote vehicle hijacking. These apps, linked to the BAT-BMS software, were reportedly being used to disable e-rickshaws mid-journey, posing significant safety and security risks to drivers.

Cybersecurity Breach via Battery Management Systems

The crackdown follows viral social media videos showing individuals remotely shutting down e-rickshaws using a feature within the BAT-BMS application. IT Secretary S Krishnan confirmed the removal of these apps during a CII Cybersecurity Summit, noting that the government took action after the potential for misuse came to light.

The core of the issue lies in how the BAT-BMS app, developed by Shenzhen Grenergy Technology in China, interacts with vehicle hardware. While the app is officially designed as a legitimate tool to monitor lithium battery parameters like voltage and temperature, its remote-control capabilities have been exploited. Reports suggest that bad actors are using the app to switch off the battery's discharge function, effectively rendering the vehicle inoperable and leaving drivers stranded.

Vulnerabilities in Budget Electric Vehicles

Investigations by government officials have highlighted a critical security flaw in the hardware used by many budget e-rickshaws in India. A large number of these vehicles utilize Chinese-manufactured Battery Management Systems (BMS) that lack robust security protocols.

Specifically, these systems often operate without password protection or advanced authentication. This lack of security allows anyone within Bluetooth range to wirelessly connect to the lithium battery and manipulate its power output. Because the app can connect to these unsecured Bluetooth-enabled batteries, unauthorized users can disrupt the vehicle's movement with minimal effort.

Government Mandates Greater Scrutiny on App Stores

In response to this incident, the central government is demanding higher standards of due diligence from global app store providers. IT Secretary Krishnan emphasized that app stores must exercise greater scrutiny before hosting applications that could potentially cause harm or facilitate illegal activities.

Simultaneously, the Delhi government has mobilized its transport department to investigate the authenticity of the BAT-BMS application and its ability to disable vehicles via Bluetooth. While no formal written complaints were initially filed, Transport Minister Pankaj Singh confirmed that officials are examining the matter closely to prevent further exploitation of internet-connected vehicle management systems.

Key Takeaways

  • Immediate Action Taken: The Indian government has removed two problematic apps from app stores to prevent the remote disabling of e-rickshaws.
  • Security Flaw Identified: Budget e-rickshaws using unsecured Chinese-manufactured Battery Management Systems (BMS) are vulnerable to Bluetooth-based hijacking.
  • Stricter Oversight Demanded: The Centre is pushing app stores to implement more rigorous vetting processes to block potentially harmful or exploitable software.