The Indian IT Ministry has removed three Chinese apps—BAT-BMS, Lossigy, and Epoch-i-ion—from app stores for exploiting battery management systems. These apps allowed unauthorized users to remotely shut down electric rickshaws via Bluetooth. This move highlights growing cybersecurity risks in the rapidly expanding low-cost electric vehicle sector in India.
What Happened
India's Ministry of Electronics and Information Technology has ordered the removal of three mobile applications—BAT-BMS, Lossigy, and Epoch-i-ion—from app stores. The government intervened following reports that these apps were being used to remotely disable the battery power of e-rickshaws. IT Secretary S. Krishnan confirmed on Friday that the applications were removed once they were brought to the government's notice. The issue came to light after videos circulated showing e-rickshaws being unexpectedly switched off, raising concerns about the security of internet-connected vehicle systems used in the country's public transport network.
Exploiting Battery Management Systems
These applications are designed to interact with Battery Management Systems (BMS), which monitor vital data such as battery temperature, voltage, and health. However, the investigation found that the apps exploited security vulnerabilities in low-cost, Chinese-manufactured battery systems. Many of these systems lack basic password protection or encryption for their Bluetooth connectivity. Because these systems operate on short-range wireless connections, a person nearby can connect to the vehicle's battery via their smartphone and terminate the power output, effectively stranding the driver.
The Security Risk for EV Components
This incident points to a broader challenge regarding the supply chain and security standards of electric vehicle components in India. Many entry-level electric rickshaws rely on cost-effective, imported components. The incident highlights that while these components are functional, they often prioritize lower costs over robust cybersecurity. As the adoption of electric vehicles in the last-mile connectivity segment grows, the lack of standardized security protocols for vehicle management software could present recurring operational risks for drivers and fleet operators.
Government Oversight and App Store Responsibility
IT Secretary S. Krishnan emphasized that digital platforms must exercise greater diligence regarding the software they host. The government is now expected to hold discussions with app stores to strengthen verification processes for applications that interface with hardware, particularly in the automotive and critical infrastructure sectors. The Delhi government’s transport department has also initiated a review of the situation to understand the extent to which these applications have impacted local vehicle operators.
What Investors Should Track
For investors, the key area to watch is the tightening of regulatory standards for automotive software and EV components in India. The government’s focus on cybersecurity could lead to stricter compliance requirements for manufacturers and component suppliers, which may impact production costs or product design choices. Future monitorables include any new government directives regarding hardware security certifications for electric vehicles and how this impacts the pricing and selection of battery management systems by Indian EV makers.
