How BAT-BMS and similar apps banned by govt can remotely stop e-rickshaws


New Delhi, July 3 (IANS) The mobile applications, including Chinese BAT-BMS, have come under scrutiny after videos circulating on social media allegedly showed individuals remotely switching off moving e-rickshaws using their smartphones, raising concerns over safety and cybersecurity.

The Ministry of Electronics and Information Technology (MeitY) has directed Google Play Store and Apple App Store to remove such mobile applications — the BAT-BMS, Lossigy and Epoch i-ion — while examining its cybersecurity implications.

One of them was developed by China’s Shenzhen Grenergy Technology for Bluetooth-enabled lithium-ion batteries.

It is designed to help battery owners monitor key parameters such as voltage, current, temperature, charging cycles and overall battery health in real time.

In addition, the app also allows users to manage certain battery functions, including turning the battery’s discharge function on or off for maintenance and safety purposes.

In India, many e-rickshaw manufacturers use lithium-ion batteries equipped with Bluetooth-enabled Battery Management Systems (BMS). In several cases, these systems are installed without password protection or continue to operate using factory-default credentials.

As a result, anyone within Bluetooth range — typically around 10 to 20 metres — can connect to the battery using the BAT-BMS app or similar applications.

If connected successfully, the user can switch off the battery’s discharge function, instantly cutting power to the vehicle.

Since the battery itself is disabled, the driver cannot restart the e-rickshaw using the ignition key. The vehicle can only be restored after reconnecting to the battery through the app and re-enabling the discharge function.

Speaking to IANS, an e-rickshaw driver said that the issue first came to light only a few days ago, when his vehicle suddenly stopped working.

“Initially, we thought there was a fault in the vehicle and took it to a mechanic. After checking it, he told us there was no mechanical problem. He said someone had switched off the battery using software,” the driver said.

According to him, the mechanic charged around Rs 300 to reconnect the battery through a mobile application and restore power.

“He opened the app on his phone, switched the battery back on and the vehicle started working again,” he said.

The driver claimed the problem had recurred while he was carrying passengers. “Someone switched it off again while I was on the road. We don’t know who is doing it.

If the battery gets locked, it can only be unlocked through the same app. We are drivers, not technology experts, so we don’t know how to deal with such issues,” he told IANS.

Although the vulnerability is limited to vehicles that meet two conditions, they use Bluetooth-enabled lithium-ion batteries, and the battery management system lacks password protection or proper authentication.

Many e-rickshaws in India still operate on lead-acid batteries, which do not have Bluetooth-enabled battery management systems and are therefore not vulnerable to this issue.

Similarly, newer lithium-ion battery systems that use strong passwords, encryption or proprietary software cannot be accessed through generic battery management applications.

Meanwhile, passenger cars and most branded electric vehicles also incorporate multiple layers of cybersecurity and encrypted communication between their battery management systems and vehicle electronics, making such unauthorised access significantly more difficult.

–IANS

ag/


Back to top button