Government Cracks Down on Vulnerable EV Battery Apps Following Viral E-Rickshaw Incidents
- MGMMTeam

- Jul 3
- 3 min read
In a prompt response to emerging cybersecurity risks in the electric mobility sector, the Indian government has directed Google and Apple to remove the BAT-BMS app and two similar applications from their digital stores. The decision addresses public concerns raised by viral videos depicting e-rickshaws being remotely disabled, highlighting the need for stronger safeguards in connected vehicle technologies.

The Trigger: Viral Videos and Public Safety Concerns
Social media platforms recently saw a surge in videos showing e-rickshaws suddenly stopping in the middle of roads. Individuals appeared to use mobile applications to connect via Bluetooth to the vehicles' battery systems, cutting power and leaving drivers stranded. These incidents sparked widespread alarm among commuters and operators, many of whom depend on e-rickshaws for their daily livelihood.
Authorities in Delhi and other cities quickly took note. The Delhi Transport Department launched an investigation after receiving reports through social media, with officials emphasizing the importance of verifying claims and ensuring road safety. Similar cases, including one leading to an arrest in Ujjain for alleged extortion, further underscored the potential for misuse.
Understanding the BAT-BMS App and Its Vulnerabilities
The BAT-BMS application, developed by a Chinese firm, serves as a tool for monitoring and managing lithium-ion batteries equipped with Bluetooth-enabled Battery Management Systems (BMS). Legitimate users, such as technicians and dealers, rely on it to check battery health, charging status, and diagnose issues.
However, many affordable e-rickshaw batteries lack robust security features like password protection or encryption. Within a short Bluetooth range, compatible apps can access controls, including a discharge switch that halts power supply. This technical loophole, rather than any inherent flaw in the apps themselves, enabled unauthorized interference in vulnerable systems. Modern electric cars with advanced encrypted BMS remain largely unaffected.
Swift Government and Ministerial Action
The Ministry of Electronics and Information Technology (MeitY) acted decisively upon becoming aware of the issue. IT Secretary S. Krishnan confirmed the removal of BAT-BMS, Lossigy, and Epoch-i-ion apps, stressing the importance of due diligence by app stores in preventing potentially harmful applications from reaching users.
Investigations continue to assess the full scope of vulnerabilities and explore preventive measures. This coordinated effort between central and state agencies aims to protect both public safety and the rapidly growing EV ecosystem in India.
Broader Implications for Electric Mobility
India's push toward electric vehicles has brought affordable e-rickshaws to millions, supporting urban transport and employment. Yet, this incident reveals the challenges of integrating connected technologies without adequate cybersecurity protocols. It serves as a timely reminder for manufacturers, regulators, and users to prioritize secure designs, regular updates, and awareness.
Experts advocate for industry-wide standards, including better authentication for BMS units and enhanced oversight of imported components, to build consumer confidence as EV adoption accelerates.
The MGMM Outlook
India's transition to electric mobility cannot be judged solely by the rapid growth of EV adoption; it must also be measured by the security and resilience of the technology that powers it. The recent incidents involving e-rickshaws expose how weak cybersecurity standards in low-cost battery management systems can create risks for public safety and disrupt the livelihoods of thousands of drivers. As connected technologies become more common, manufacturers must treat digital security as a fundamental design requirement rather than an optional feature, while regulators should ensure that imported components and software meet stringent security benchmarks.
The swift removal of vulnerable battery management apps reflects the importance of timely government intervention, but it also highlights the need for a long-term strategy that goes beyond reactive measures. Establishing mandatory cybersecurity standards, enforcing stronger authentication for battery systems, and increasing awareness among manufacturers and users will be essential to protecting India's expanding EV ecosystem. Strengthening these safeguards today will help build public confidence and ensure that the country's electric mobility revolution remains secure, reliable, and sustainable.




Comments