A Chinese-made app intended for monitoring electric vehicle battery management systems (BMS) has been identified as a tool used by individuals to remotely disable e-rickshaws, raising concerns about the security of electric vehicles. The BAT-BMS app, developed by Shenzhen Grenergy Technology, allows users to monitor various battery parameters like charge, voltage, and temperature.
How the BAT-BMS App Poses a Risk
The BAT-BMS app was designed to help e-rickshaw owners manage their vehicle's lithium battery, but its Bluetooth connection is unsecured and allows unauthorized remote access. Pranksters or malicious actors can exploit this vulnerability to remotely switch off the discharge function of an e-rickshaw's battery. This instantly cuts power to the motor and brings the vehicle to an abrupt stop, posing an immediate danger to commuters and road users.
Broader Implications for EV Cars and Bikes
While the immediate threat has been observed in e-rickshaws, experts suggest that Chinese-made EV apps like BAT-BMS could, in theory, remotely disable or restrict specific vehicle functions in other electric cars and bikes. This risk exists if the apps are deeply integrated with the vehicle's BMS and cloud-based control infrastructure, granting them administrative control over critical systems.
Many modern electric vehicles incorporate features that allow manufacturers to remotely manage aspects such as battery charging, firmware updates, and diagnostics. If an app or its backend server possesses administrative access to these systems, it might technically be possible to limit battery performance or disable certain functions. However, the extent of such control depends heavily on the vehicle's specific hardware, software architecture, and the level of access granted by the manufacturer. Currently, there is no widespread evidence that BAT-BMS-enabled vehicles in general support or actively use these remote disable capabilities beyond the e-rickshaw incidents.
Protecting Your Electric Vehicle from Remote Interference
EV owners can significantly minimize the risk of remote interference by adopting several security best practices:
- Use Official Apps: Always use the official app provided by your vehicle or battery manufacturer and download it exclusively from trusted app stores.
- Keep Software Updated: Regularly update your vehicle's firmware and all associated apps to ensure you have the latest security patches.
- Strong Authentication: Employ strong, unique passwords for your accounts and enable two-factor authentication (2FA) wherever it is available.
- Be Cautious with Permissions: Avoid sharing login credentials and exercise caution when granting unnecessary permissions to third-party applications.
- Monitor Activity: Periodically review your account activity and connected devices for any suspicious access attempts.
- Disable Unused Features: If your EV allows it, disable any remote access features that you do not actively use.
- Choose Secure Manufacturers: Opt for electric vehicles and battery systems from manufacturers known for robust cybersecurity practices.
By following these guidelines, EV owners can enhance the security of their vehicles and mitigate potential risks associated with vulnerable remote management systems.