Reports highlight a critical security flaw in some electric vehicles (EVs) that allows unauthorized individuals to remotely disable them using common smartphone applications. This vulnerability primarily affects certain Bluetooth-enabled Battery Management Systems (BMS) found in electric three-wheelers and other EVs, raising serious concerns about vehicle safety and operational integrity.
Understanding the BAT-BMS Vulnerability
Modern electric vehicles, especially e-rickshaws, often utilize lithium-ion batteries paired with Bluetooth-enabled Battery Management Systems. These BMS units are crucial for monitoring battery health, charge levels, voltage, and temperature. Owners typically use companion apps, such as BAT-BMS, developed by manufacturers like Shenzhen Grenergy Technology, to access this vital data wirelessly.
How the 'Kill Switch' Works
The core of the problem lies in certain budget battery packs that ship with their Bluetooth functionality enabled by default, often without any password protection or authentication layer. This lack of basic access control means that anyone within approximately 15 meters can connect to the vehicle's battery using a compatible app. Once connected, a malicious user can simply tap a "Discharge Switch" option, instantly cutting power to the vehicle. This action brings the EV to a halt, and it cannot be restarted until the battery is reactivated via the same app, potentially stranding passengers or creating hazardous situations on busy roads.
Not All EVs Are Affected
It's important to note that this vulnerability does not impact all electric vehicles. Older e-rickshaw models relying on lead-acid batteries are generally safe, as they lack Bluetooth support. Furthermore, many newer lithium-ion battery systems are now incorporating password protection or proprietary applications that prevent unauthorized connections. Therefore, the concerns are largely confined to EVs equipped with low-cost, unsecured Bluetooth BMS units.
Preventing Unauthorized Access
Fortunately, addressing this security gap does not necessarily require new hardware and can often be resolved through simple software adjustments. Vehicle owners are advised to take the following steps to protect their EVs:
- Change Default Passwords: If your BMS app supports it, navigate to the settings or parameter menu and change any default password to a strong, unique one.
- Enable Lock Features: Look for and activate security features such as "Remote Control Lock" or "App Control Lock" within the application. These features are designed to block unauthorized devices from establishing a connection.
- Disconnect Bluetooth When Not in Use: If you are not actively monitoring your battery, ensure that the Bluetooth connection to your BMS is disconnected. This minimizes the window of opportunity for potential misuse.
By implementing these preventive measures, EV owners can significantly reduce the risk of their vehicles being remotely disabled by unauthorized parties, enhancing both safety and peace of mind.
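The C model below is an added illustration, not code from the BAT-BMS app, the battery vendor or the reports cited here. It puts the open "Discharge Switch" behaviour described above next to a pack that has a changed password and a control lock enabled. The struct fields, function names, password values, the three-attempt lockout and the rule that an unchanged default password never unlocks control are all assumptions made for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical BMS model; every name and value here is constructed. */
#define FACTORY_PW "123456" /* constructed placeholder default */
#define MAX_FAILS 3

typedef struct {
    char pw[17];        /* password stored on the BMS */
    bool control_lock;  /* models an "App Control Lock" style setting */
    bool authed;        /* this connection has presented the password */
    uint8_t fails;      /* failed logins on this connection */
    bool discharge_on;  /* true = pack is powering the vehicle */
} bms_t;

/* Compare without stopping at the first mismatching byte. */
static bool pw_equal(const char *a, const char *b) {
    size_t la = strlen(a), lb = strlen(b);
    unsigned char diff = (unsigned char)(la != lb);
    for (size_t i = 0; i < la && i < lb; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

bool bms_login(bms_t *b, const char *attempt) {
    if (b->fails >= MAX_FAILS) return false;        /* locked out until reconnect */
    if (pw_equal(b->pw, FACTORY_PW)) return false;  /* unchanged default never unlocks */
    b->authed = pw_equal(b->pw, attempt);
    if (!b->authed) b->fails++;
    return b->authed;
}

/* Discharge Switch write: with the lock off, any connected app succeeds
 * (the weak default); with it on, only an authenticated session does. */
bool set_discharge(bms_t *b, bool on) {
    if (b->control_lock && !b->authed) return false;
    b->discharge_on = on;
    return true;
}

int main(void) {
    bms_t weak = { FACTORY_PW, false, false, 0, true };
    bms_t hard = { "Xk3!constructed", true, false, 0, true };
    printf("weak accepts stranger: %d\n", set_discharge(&weak, false));
    printf("hard accepts stranger: %d\n", set_discharge(&hard, false));
    return 0;
}
```

Telemetry reads are left out of the model on purpose: the point is that the state-changing command is the one that needs a default-deny check.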