Why Government Asked to Remove E-Rickshaw Battery Apps



    New Delhi, Jul 3, 2026 04:39 PM IST

    The government on Friday directed Apple and Google to take down at least three apps over reports that they were being misused to remotely switch off some e-rickshaws, citing cybersecurity concerns and passenger safety risks.

    The move follows the circulation of videos on social media showing individuals connecting to nearby e-rickshaws through Bluetooth and disabling their battery management systems, or BMS, while the vehicles were in motion. The apps that have been directed to be blocked include BAT-BMS, Lossigy, and Epoch Li-ion. At least a couple of them are of Chinese origin.

    What is a BMS?

    A battery management system (BMS) essentially tracks the state of a battery, with the primary aim of eliminating variations in the performance of individual battery cells so that they work uniformly inside a battery pack. This system is incorporated in an electric vehicle (EV) powered by a large-capacity lithium-ion battery, and plays a key role in extending the battery’s service life and ensuring its safe use.

    The top vendors of these systems include Texas Instruments, NXP Semiconductors, Analog Devices, Infineon Technologies, LG Chem, Panasonic, and Renesas Electronics. Chinese battery makers such as CATL and BYD are also big players in this space, alongside a host of smaller companies that cater to the unorganised segment.

     

    Automotive is the largest segment for BMS with a 50% market share that is primarily driven by EV battery management and hybrid vehicle energy optimisation. Energy accounts for 20%, with grid-scale battery storage and renewable energy integration, where companies such as Navitas Systems and Nuvation Energy are among the big players.

    The BMS ‘hack’

    The BAT-BMS app was originally developed by China’s Shenzhen Grenergy Technology as a legitimate battery management tool for Bluetooth-enabled lithium-ion batteries. The idea of having a Bluetooth connection point is to enable vehicles with these batteries to connect to the device remotely through an app and monitor the parameters of the battery in real time.

    The app allows users to monitor a battery’s state of charge, voltage, current, temperature, charging cycles, and overall health. The application also lets users with compatible batteries control charging and discharging functions, making it useful for battery diagnostics and maintenance.

    According to its Play Store listing, the app can connect wirelessly to batteries over Bluetooth Low Energy within an operating range of around 15 metres. Such apps are typically designed to be used at service centres for battery-related diagnostics. 

     

    The primary concern, however, lies with the security configuration of some BMS used in low-cost EVs. The apps in question could connect to the BMS within a limited range, and be used to cut battery power, bringing the vehicle to a sudden halt.

    This was primarily a problem in e-rickshaws, which use low-cost Chinese-made BMS that lack adequate password protection or still use default credentials. As a result, anyone standing within Bluetooth range may be able to pair with the battery using compatible applications such as BAT-BMS and disable the battery’s discharge function. Since the discharge circuit supplies power to the motor, switching it off can immediately immobilise the vehicle.

    Weak security settings

    Sources said that this is not a sophisticated hacking attack but rather the exploitation of weak security settings on connected battery systems. The app itself does not automatically gain control over every electric vehicle. It only works with batteries that support compatible Bluetooth-enabled BMS hardware.

    Many e-rickshaws continue to use lead-acid batteries, while several lithium-powered vehicles rely on proprietary battery management systems that cannot be accessed through applications like BAT-BMS.

    The problem with some of the low-cost Chinese lithium battery packs used in most e-rickshaws is that they come with Bluetooth-enabled BMS units that have little or no password protection. If such a battery is not adequately secured, anyone standing within Bluetooth range can potentially connect to it and manipulate the settings, including turning off the battery’s discharge function. Since the discharge function supplies power to the motor, disabling it can immediately stop the vehicle.

    One safeguard here is to make a password mandatory when the BMS app is activated, so that there is one layer of security in the Bluetooth connection process.
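The password safeguard described above can be pictured as a check inside the BMS's own command handler. The sketch below is an added example, not code from any BMS vendor or from the apps named in this article: it contrasts a handler that accepts control writes from any connected client with one that refuses them until the session has authenticated with a non-default PIN. The opcodes, result codes, struct layout, PIN values and lockout threshold are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <string.h>
/* Hypothetical opcodes and result codes for a simulated BMS; not a vendor protocol. */
enum { OP_AUTH = 1, OP_SET_DISCHARGE = 2 };
enum { RES_OK = 0, RES_DENIED = 1, RES_LOCKED = 2 };
#define MAX_FAILS 3                     /* assumed lockout threshold */
#define FACTORY_PIN "000000"            /* constructed default credential */

typedef struct {
    char pin[7];        /* 6-digit PIN stored in the pack */
    bool authed;        /* true once this connection sent the correct PIN */
    int  fails;         /* consecutive wrong PINs */
    bool discharge_on;  /* discharge path that powers the motor */
} bms_t;

/* Compare 6 digits without an early exit, so timing does not reveal a partial match. */
static bool pin_eq(const char *a, const char *b) {
    unsigned char d = 0;
    for (int i = 0; i < 6; i++) d |= (unsigned char)(a[i] ^ b[i]);
    return d == 0;
}

/* Weak configuration: any connected client may change control settings. */
int handle_weak(bms_t *b, int op, const char *arg) {
    if (op == OP_SET_DISCHARGE) b->discharge_on = (arg[0] == '1');
    return RES_OK;
}

/* Hardened: control writes need a session authenticated with a non-default PIN. */
int handle_hardened(bms_t *b, int op, const char *arg) {
    if (op == OP_AUTH) {
        if (b->fails >= MAX_FAILS) return RES_LOCKED;
        if (pin_eq(b->pin, FACTORY_PIN) || strlen(arg) != 6 || !pin_eq(arg, b->pin)) {
            b->fails++;
            return RES_DENIED;
        }
        b->fails = 0;
        b->authed = true;
        return RES_OK;
    }
    if (op != OP_SET_DISCHARGE || !b->authed) return RES_DENIED;
    b->discharge_on = (arg[0] == '1');
    return RES_OK;
}

int main(void) {                        /* unauthenticated write must be refused */
    bms_t b = { "482913", false, 0, true };   /* constructed owner PIN */
    return (handle_hardened(&b, OP_SET_DISCHARGE, "0") == RES_DENIED && b.discharge_on) ? 0 : 1;
}
```

A denied or locked-out request leaves the discharge path in its current state, so a failed attempt cannot itself stop the vehicle. How the lockout is cleared and how the owner first replaces the factory PIN are left out of this sketch.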




