Centre Bans Apps Enabling Remote Shutdown of E-Rickshaws

The Indian government has taken decisive action by removing two smartphone applications from major app stores following reports that they can be used to remotely disable e-rickshaws. This move aims to curb growing cybersecurity threats within the rapidly expanding electric vehicle (EV) ecosystem in India.

The Rise of Remote Shutdown Exploits

The crackdown follows widespread concern triggered by viral social media videos showing e-rickshaws being rendered inoperable mid-journey. The primary application identified in these reports is BAT-BMS, a tool developed by Shenzhen Grenergy Technology in China. While designed as a legitimate utility to monitor battery health, voltage, and temperature, the app's remote management features have reportedly been weaponized.

The exploit allows users to wirelessly connect to Bluetooth-enabled lithium batteries within a specific range. Once connected, the app can be used to switch off the battery's discharge function, effectively shutting down the vehicle and leaving drivers stranded. In several reported instances, e-rickshaw drivers claimed they had to pay strangers just to restart their vehicles after being targeted by these digital disruptions.

Security Flaws in Budget Battery Management Systems

The vulnerability lies not just in the software, but in the hardware used in many budget-friendly electric vehicles across India. Government officials have pointed out that a significant number of e-rickshaws utilize Chinese-manufactured Battery Management Systems (BMS) that lack robust security protocols.

These specific BMS units often operate without password protection or necessary authentication layers. This lack of "digital locks" makes it incredibly easy for any nearby individual with the BAT-BMS app to establish a Bluetooth connection and manipulate the power output. The Delhi government’s transport department has been tasked with investigating the authenticity of these claims and assessing the risks posed by Bluetooth-enabled battery management.

Government Demands Greater Scrutiny from App Stores

Speaking at the CII Cybersecurity Summit, IT Secretary S Krishnan confirmed that the government has already acted to remove the offending applications. However, the government is not stopping at app removal; officials are now looking to hold platform providers accountable.

Krishnan emphasized that app stores must exercise much higher levels of due diligence before hosting applications that could pose physical or economic risks to citizens. The Centre intends to engage with major app store operators to ensure that potentially harmful or exploitable software is intercepted before it reaches the public. This incident highlights a critical need for standardized cybersecurity regulations in the Indian EV component manufacturing sector to prevent future vulnerabilities.

Key Takeaways

  • Immediate Action Taken: The Central Government has removed two apps, including the Chinese-developed BAT-BMS, from app stores to prevent the remote disabling of e-rickshaws.
  • Hardware Vulnerability: The issue stems from budget-friendly Chinese BMS units that lack essential security features like password protection and authentication.
  • Regulatory Push: The IT Ministry is calling for stricter scrutiny from app stores to prevent the distribution of applications that can be exploited to disrupt physical infrastructure and transport.