Centre Removes Apps Linked to Remote E-Rickshaw Shutdowns

The Indian government has taken decisive action by removing two smartphone applications from major app stores following reports that they were being used to remotely disable e-rickshaws. This move follows growing cybersecurity concerns regarding the vulnerability of internet-connected vehicle management systems in the country.

Cybersecurity Threat: The BAT-BMS Controversy

The crackdown was triggered after videos circulated widely on social media, appearing to show individuals remotely shutting down e-rickshaws using a Chinese application called BAT-BMS. Developed by Shenzhen Grenergy Technology in China, the app was originally designed as a legitimate tool to monitor lithium battery health, including parameters like voltage and temperature.

However, the app’s functionality has reportedly been exploited to disrupt local transport. Users were seen leveraging the app to switch off the battery's discharge function, effectively leaving drivers stranded in the middle of the road. Some drivers even reported having to pay strangers to help them restart their vehicles after being targeted by these remote shutdowns.

Technical Vulnerabilities in Budget E-Rickshaws

Preliminary investigations by government officials suggest that the issue lies in the intersection of insecure hardware and wireless connectivity. Many budget-friendly e-rickshaws in India utilize Chinese-manufactured Battery Management Systems (BMS) that lack robust security protocols.

These systems often operate without password protection or advanced authentication measures. Because the BAT-BMS app allows users to wirelessly connect to Bluetooth-enabled lithium batteries within a limited range, anyone with the app can potentially intercept and control the battery's power output if the system is unsecured. This highlight a significant gap in the cybersecurity infrastructure of the rapidly growing electric vehicle (EV) segment.

Government Response and Call for Scrutiny

IT Secretary S Krishnan confirmed the removal of the apps during a CII Cybersecurity Summit, stating that the government had acted immediately after the reports surfaced. Beyond the removal, the Centre is now turning its attention to the responsibility of platform providers. Krishnan emphasized that app stores must exercise much greater due diligence and scrutiny before hosting applications that could pose physical or digital risks to users.

In Delhi, the Transport Department has been tasked with verifying the authenticity of the BAT-BMS application and investigating claims regarding its Bluetooth-based interference. Transport Minister Pankaj Singh confirmed that officials are examining the matter closely following various complaints, even though formal written petitions are still being processed.

Key Takeaways

  • Immediate Action Taken: The Central Government has successfully removed two problematic applications from app stores to prevent the remote disabling of e-rickshaws.
  • Security Flaw Identified: The vulnerability stems from unsecured, Bluetooth-enabled Chinese-made Battery Management Systems (BMS) that lack essential password protection.
  • Stricter App Governance: The IT Ministry is pushing app store developers to implement more rigorous vetting processes to prevent harmful or exploitable software from reaching consumers.