ADVERTISEMENT

The government has ordered the removal of three Chinese mobile applications - BAT-BMS, Lossigy and Epoch-i-ion - from app stores after they were allegedly misused to remotely disable battery-operated vehicles in India, official sources said on Friday, amid heightened concerns over cybersecurity vulnerabilities in internet-connected mobility systems.
The action follows the emergence of multiple videos on social media showing electric rickshaws being rendered inoperable through a remote shutdown feature linked to the BAT-BMS application. The videos triggered concerns over the ability of third-party applications to remotely access and control critical vehicle functions, raising questions about the cybersecurity safeguards built into battery management systems used in electric vehicles.
Government sources said the three applications were found to be misused to remotely disable battery-operated vehicles and have been ordered to be removed from app stores.
They added that authorities would also move to block any other application found to be facilitating similar misuse.
The government is also engaging with app marketplace operators to prevent the distribution of applications that could pose cybersecurity risks, the sources said.
BAT-BMS is a Bluetooth-enabled battery management application developed by China's Shenzhen Grenergy Technology Co. Ltd. for monitoring and managing compatible lithium battery packs. The app allows users to view battery parameters such as charge level, voltage, current and temperature, and to control charging and discharge functions on compatible batteries.
Concerns centre on the lack of authentication in some Bluetooth-enabled battery management systems used in low-cost e-rickshaws, which allegedly allowed unauthorised users within Bluetooth range to disable vehicles remotely.
BAT-BMS works within a Bluetooth range of roughly 15 metres and can connect to multiple batteries simultaneously. The app itself is marketed as a battery monitoring and management utility rather than a vehicle control application.
Lossigy and Epoch-i-ion (Epoch Li-ion) are similar BMS applications used with Bluetooth-enabled lithium batteries from other manufacturers.
The viral videos showed individuals approaching e-rickshaws, pairing with compatible batteries over Bluetooth and switching off the battery's discharge output, leaving vehicles stranded. Some reports also alleged that pranksters subsequently offered to "fix" the vehicles for a fee after restarting them using the same app.
Some BMS units lacked password protection or robust authentication, allowing anyone within Bluetooth range to pair with the battery and disable its discharge function, effectively immobilising the vehicle.
Earlier on Friday, IT Secretary S Krishnan - speaking on the sidelines of a CII Cybersecurity summit - asserted that app stores must exercise due diligence, and said the government would take up the matter with them to ensure that potentially harmful apps are not made available.
The latest action comes as India steps up scrutiny of digital platforms and connected technologies amid growing concerns over cybersecurity, data security and the resilience of critical digital infrastructure.