Government takes action against Chinese apps capable of remotely disabling e-rickshaws.

Government takes action against Chinese apps capable of remotely disabling e-rickshaws.
The government has mandated the withdrawal of three Chinese battery management apps following their misuse to remotely deactivate e-rickshaws, raising significant concerns regarding the cybersecurity and safety of budget-friendly electric vehicles.

This decision comes in response to numerous viral videos depicting individuals shutting off moving e-rickshaws via mobile apps. Such misuse has stranded several vehicles on roadways, underscoring a security flaw in specific battery management systems utilized in non-branded lithium battery packs.

The focus of the issue is on BAT-BMS, a battery management app created by a Chinese tech firm for monitoring Bluetooth-enabled lithium batteries. The app enables users to assess battery health, voltage, and other operational metrics. However, it incorporates a battery discharge control feature that allows for the powering on or off of the battery output.
The vulnerability arises from low-cost, unbranded e-rickshaw batteries that lack password protection. This permits anyone within a Bluetooth range of approximately 10 to 15 meters to pair with the battery and deactivate its output using the app.

This flaw poses risks that go beyond mere inconvenience, as turning off an e-rickshaw mid-traffic could greatly heighten the likelihood of road accidents, especially when passengers are aboard.

The government has intervened to address the misuse. The Ministry of Electronics and Information Technology (MeitY) has instructed the removal of three Chinese battery management applications associated with the remote shutdown feature and is collaborating with app stores to prevent similar apps from becoming available.

The vulnerability seems to be confined to inexpensive, non-branded battery packs that are commonly utilized in e-rickshaws. Electric scooters, motorcycles, and vehicles from established manufacturers are generally secure, as they employ encrypted battery management systems with robust authentication protocols.

Drivers facing this issue can restore battery functionality by turning off the main circuit breaker (MCB), waiting a few seconds, and then turning it back on. They will need to reconnect to the battery management app, re-enable the discharge function, and change the default Bluetooth password to avert unauthorized access in the future.

This incident has once again emphasized the necessity of cybersecurity standards in connected electric vehicle components, particularly in the swiftly growing e-rickshaw sector, where low-cost hardware and insufficient security measures can expose users to operational and safety hazards.

Previous Article

China responds to Modi-Takaichi meeting, cautions India and Japan about creating 'exclusive alliances'

Next Article

Star Air announces monsoon promotion with one-way tickets starting at ₹1,799.