The Indian government has directed app stores to remove three smartphone applications reportedly capable of remotely disabling e-rickshaws via Bluetooth battery management systems, citing security vulnerabilities and potential misuse.
- Apps connect to Bluetooth battery packs enabling remote control.
- Weak security on aftermarket batteries allows unauthorized shutdowns.
- Drivers report being stranded after sudden vehicle power loss.
What happened
The Indian government has issued an order to remove three smartphone applications—BAT-BMS, Epoch-i-ion, and Lossigy—from Google Play Store and Apple App Store. This follows reports revealing these apps could be exploited to remotely disable e-rickshaws by communicating with Bluetooth-enabled battery management systems used in their lithium-ion battery packs. Ministry of Electronics and Information Technology officials confirmed the apps posed significant security risks, prompting swift government intervention.
Why it matters
Many e-rickshaws in India use third-party Bluetooth-enabled battery systems that often lack basic protections such as password authentication or encryption. This weakness lets anyone who has the app and is within Bluetooth range (approximately 10 to 15 meters) pair with the battery system and manipulate its controls, including cutting off battery discharge. The ability to remotely disable a vehicle creates a direct safety hazard and disrupts the livelihoods of e-rickshaw drivers who depend on daily earnings.
Interviews with affected e-rickshaw drivers in Delhi and Gurugram reveal the real-world impact of these security flaws. Drivers recounted incidents of their vehicles shutting down unexpectedly in traffic or while carrying passengers, leaving them stranded and unable to restart their vehicles without assistance. Such disruptions result in lost work hours and financial hardship, underscoring the broader socio-economic consequences of inadequate cybersecurity protections in mass transit technologies.
What to watch next
The government’s investigation into these apps and the vulnerable battery systems is ongoing. Authorities will likely continue collaborating with app marketplaces like Google Play and Apple App Store to tighten security vetting processes and prevent the distribution of applications enabling misuse. The situation highlights the urgent need for industry stakeholders and regulators to establish robust security standards for aftermarket Bluetooth-enabled battery management systems deployed in e-rickshaws and other electric vehicles.
Going forward, close attention should be paid to any regulatory developments addressing cybersecurity standards for electric vehicle components, the emergence of updated or replacement apps with enhanced protections, and efforts to educate drivers on identifying and mitigating these risks. This incident may also prompt wider governmental action to safeguard public transport infrastructure from potential Bluetooth-based vulnerabilities.