The Indian government has ordered the removal of three smartphone applications—BAT-BMS, Lossigy, and Epoch-i-ion—following reports that they were being misused to remotely disable battery-operated e-rickshaws. According to IT secretary S Krishnan, the action was taken after authorities identified that the apps were connecting to vehicle battery management systems via Bluetooth to shut down power output.
Did You Know? The application BAT-BMS was developed by Shenzhen Grenergy Technology in China’s Shenzhen province as a battery management tool that enables users to monitor battery health and remotely manage compatible lithium batteries, but its remote-control functionality has been exploited to strand vehicles.
How the Remote Disabling Works
Preliminary government findings indicate the targeted apps allow users to wirelessly connect to Bluetooth-enabled lithium batteries within a limited range. The security vulnerability stems from many budget e-rickshaws utilizing Chinese-manufactured Battery Management Systems (BMS) that lack basic password protection or authentication. This design flaw allows nearby individuals to access the system, effectively cutting off the battery’s power discharge and leaving vehicles immobile.

Government Response and Oversight
IT secretary S Krishnan confirmed the removal orders during a CII Cybersecurity Summit, noting that the government intends to press app stores for greater due diligence regarding potentially harmful software. Simultaneously, the Delhi government has directed its transport department to investigate the claims surrounding the BAT-BMS application. Transport minister Pankaj Singh stated that officials are examining the matter, although no formal written complaints have been filed with the department to date.
Expert Insight: The incident highlights a critical gap in the security of vehicle management systems. When hardware manufacturers prioritize cost-cutting by omitting authentication protocols, they create a target for malicious actors. Future regulatory efforts will likely focus on enforcing minimum security standards for imported vehicle management systems to prevent similar disruptions.
What Happens Next
Following the removal of the three identified apps, authorities are expected to continue monitoring app stores for similar tools that may leverage unsecured Bluetooth connectivity. The transport department’s investigation into the BAT-BMS application may lead to broader verification requirements for battery management software used in commercial electric vehicles. Additionally, the government’s push for increased due diligence from app platforms suggests a potential shift toward stricter vetting processes for utility applications that interface with critical hardware.
Frequently Asked Questions
Which applications were removed by the government?
Government sources confirmed that removal orders were issued for three specific apps: BAT-BMS, Lossigy, and Epoch-i-ion.
How were the apps being used to stop e-rickshaws?
The apps were used to connect to the vehicles’ Bluetooth-enabled Battery Management Systems. By accessing these unsecured systems, users could remotely switch off the battery’s discharge function.
Why are these vehicles vulnerable?
Many budget e-rickshaws use Chinese-manufactured battery systems that lack password protection or authentication, allowing unauthorized users within range to connect to the battery and disable it.
How should operators of electric vehicles verify the security of their onboard systems to prevent unauthorized access?
