Centre Removes Apps After Reports of Remote E-Rickshaw Shutdowns

The Indian government has taken decisive action to remove two smartphone applications from major app stores following alarming reports that e-rickshaws could be remotely disabled. This move follows widespread concerns over cybersecurity vulnerabilities in internet-connected vehicle management systems used in the country.

The Rise of Remote Hijacking via BAT-BMS

The controversy gained momentum after viral social media videos surfaced, showing individuals remotely shutting down e-rickshaws mid-journey. The primary tool linked to these incidents is the BAT-BMS application, developed by Shenzhen Grenergy Technology in China. While the app is officially designed as a legitimate battery management tool to monitor voltage and temperature, its remote-control capabilities have been exploited to disrupt vehicle operations.

Reports indicate that bad actors have been using the app to switch off the battery's discharge function, leaving drivers stranded on the road. In several instances, drivers reportedly had to pay strangers to help them restart their vehicles after being targeted by these remote shutdowns.

Cybersecurity Flaws in Budget E-Rickshaw Systems

The vulnerability stems from a critical weakness in the hardware used in many budget-friendly e-rickshaws across India. Many of these vehicles utilize Chinese-manufactured Battery Management Systems (BMS) that lack robust security protocols.

Preliminary findings by government officials suggest that these BMS units often lack password protection or mandatory authentication. Because the BAT-BMS app allows users to connect wirelessly to Bluetooth-enabled lithium batteries within a limited range, anyone nearby can access the system. Once connected, the user can manipulate the battery's power output, effectively turning the vehicle off without physical contact.
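The missing control described above, shown as an added example (not code from the BAT-BMS app, the BMS vendor or the original article): a BMS command handler that accepts a discharge switch from any connected client, beside one that requires a per-pack key and a fresh challenge. The opcodes, class names and message layout are hypothetical and do not describe any real BMS protocol.

```python
import hashlib
import hmac
import secrets

# Hypothetical opcodes for illustration only.
CMD_READ_TELEMETRY = 0x01
CMD_SET_DISCHARGE = 0x02

def sign(key: bytes, nonce: bytes, opcode: int, arg: int) -> bytes:
    """Tag binding one command to one challenge (client side holds the pack key)."""
    return hmac.new(key, nonce + bytes([opcode, arg]), hashlib.sha256).digest()

class UnauthenticatedBms:
    """Models the reported weakness: being connected is enough to switch discharge."""
    def __init__(self):
        self.discharge_on = True

    def handle(self, opcode: int, arg: int = 0) -> bool:
        if opcode == CMD_SET_DISCHARGE:
            self.discharge_on = bool(arg)
            return True
        return opcode == CMD_READ_TELEMETRY

class AuthenticatedBms:
    """State-changing commands need an HMAC over a single-use nonce."""
    def __init__(self, pack_key: bytes):
        self._key = pack_key      # assumed provisioned per battery pack
        self._nonce = None
        self.discharge_on = True

    def challenge(self) -> bytes:
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def handle(self, opcode: int, arg: int = 0, tag: bytes = b"") -> bool:
        if opcode == CMD_READ_TELEMETRY:
            return True           # design choice here: monitoring stays open
        if opcode != CMD_SET_DISCHARGE or self._nonce is None:
            return False
        expected = sign(self._key, self._nonce, opcode, arg)
        self._nonce = None        # consume the nonce so a captured tag cannot be replayed
        if not hmac.compare_digest(expected, tag):
            return False
        self.discharge_on = bool(arg)
        return True
```

Whether telemetry reads should also require authentication is a separate design decision; the example gates only the command that changes the battery's power output.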

Government Response and Calls for App Store Scrutiny

IT Secretary S Krishnan confirmed the removal of the offending applications during a CII Cybersecurity Summit. He emphasized that the government's intervention was a direct response to the emerging threat to vehicle safety and driver livelihoods.

Beyond removing the apps, the Centre is calling for greater due diligence from app store operators. Krishnan stressed that platforms must exercise stricter scrutiny before hosting applications to ensure that potentially harmful or exploitable tools do not reach the public. Simultaneously, the Delhi government has directed its transport department to investigate the authenticity of the BAT-BMS app and its ability to manipulate vehicles via Bluetooth connectivity.

Key Takeaways

  • Immediate Action Taken: The Indian government has successfully removed two smartphone applications, including BAT-BMS, from app stores to prevent further remote tampering with e-rickshaws.
  • Security Vulnerabilities: The issue highlights a significant cybersecurity risk in budget e-rickshaws that use unauthenticated, Bluetooth-enabled Chinese Battery Management Systems (BMS).
  • Call for Accountability: The Centre is pushing app stores to implement more rigorous vetting processes to prevent the distribution of software that can be misused to compromise physical infrastructure or vehicle safety.