Search

Cookies

We use cookies to improve your experience. By continuing, you accept our use of cookies.

Business

Indian E-Rickshaw Cyber Scare: Chinese App Shutdowns Prompt Urgent EV Security Overhaul

· · 2 min read

Viral videos showed e-rickshaws remotely shut down by a Chinese app, BAT-BMS, exploiting weak EV battery security. The Indian government has issued an urgent advisory, demanding automakers implement robust cyber-safety protocols.

A recent wave of viral social media videos captured numerous e-rickshaws inexplicably grinding to a halt across India. Investigations revealed that a Chinese application, BAT-BMS, developed by Shenzhen Grenergy Technology, was allegedly used to remotely disable these vehicles by cutting off their battery discharge function. The app reportedly allowed anyone within a 10-15 meter Bluetooth range to connect to the e-rickshaws and interfere with their operation.

Government Issues Urgent Advisory on EV Cyber Vulnerabilities

The widespread disruption and public concern prompted the Indian government to take immediate action. The Ministry of Heavy Industries issued an “urgent advisory” to key automotive industry bodies, including the Society of Indian Automobile Manufacturers (SIAM), the Automotive Component Manufacturers Association of India (ACMA), and various testing agencies like ARAI, iCAT, NATRAX, and GARC. The advisory highlighted critical cyber vulnerabilities in electric vehicles that require urgent attention.

While the app itself is a legitimate tool for managing Bluetooth-enabled battery systems, the government identified a significant security loophole. This vulnerability arises when low-cost lithium battery packs are deployed with default factory settings, weak passwords, or a complete lack of Bluetooth authentication, making them susceptible to unauthorized access.

Apps Removed, But Core Flaws Remain

The Ministry of Electronics and Information Technology (MeitY) has already moved to remove BAT-BMS, along with similar apps like Epoch Li-ion, SMART BMS, and Lossigy, from app stores. However, officials caution that merely removing these applications addresses only the symptom, not the underlying security flaws within the vehicle's communication interfaces.

Industry Mandated to Enhance Cyber Security Protocols

To safeguard the burgeoning EV sector from future cyber threats, the government has directed the industry to take several immediate steps:

  • Automakers must audit their battery communication interfaces.
  • Eliminate unsecured default settings, weak authentication, and unprotected over-the-air pathways.
  • Collaborate directly with the Ministry of Road Transport and Highways (MoRTH), MeitY, and other stakeholders to establish stronger, more resilient cyber-safety design protocols at the factory level.

Looking ahead, MoRTH's draft notification proposes a phased implementation of new cyber security standards, set to begin on October 1, 2026. This initiative mandates that manufacturers begin developing systematic Cyber Security Management Systems (CSMS) and Software Update Management Systems (SUMS) immediately. These systems will be crucial for securing over-the-air (OTA) updates, implementing robust user authentication, and validating software integrity across all EV platforms. The industry has also been instructed to promptly report any discovered vulnerabilities or related security information.

Related