The Indian government has taken decisive action against three mobile applications—BAT-BMS, Lossigy, and Epoch-i-ion—by instructing tech giants Google and Apple to remove them from their platforms. These apps were reportedly exploited to remotely deactivate e-rickshaws mid-journey, posing severe safety risks to passengers.
App Misuse and Safety Concerns
The crackdown follows the circulation of viral videos showing individuals utilizing these applications to identify and disable nearby e-rickshaws. The apps, originally intended to serve as Battery Management System (BMS) tools, were supposed to help fleet operators and vehicle owners monitor battery levels, track locations, and immobilize vehicles in case of theft or loan default.
However, unauthorized users, including rival financiers and pranksters, began exploiting the remote shutdown feature, disabling vehicles without the owner’s consent. This misuse has raised significant safety concerns and prompted the government’s intervention.
Security Vulnerabilities and Legal Framework
Unlike standard vehicle-tracking apps, these applications maintained persistent connectivity between the e-rickshaw’s battery controller and the app’s server, allowing users with access credentials to remotely send shutdown commands. The lack of robust authentication and control measures turned a convenience into a potential hazard.
Security experts have pointed out that IoT-enabled kill switches in low-cost electric vehicles are particularly susceptible to breaches due to manufacturers prioritizing cost over security. This incident is addressed under Section 69A of the Information Technology Act, which the Ministry of Electronics and Information Technology has previously used to ban apps threatening public safety.
Implications for the E-Rickshaw Sector
This situation highlights the growing issues surrounding IoT-enabled features in India’s rapidly expanding e-rickshaw sector. As BMS vendors race to incorporate advanced features, the lack of adequate security measures can turn them into vulnerabilities.
To mitigate such risks, it is crucial for fleet operators to enforce multi-factor authentication for apps capable of disabling vehicles and implement geofencing to prevent shutdowns while in transit. Additionally, maintaining audit logs of remote commands and conducting security audits of backend systems are recommended practices.
The intervention by Indian authorities underscores the importance of robust cybersecurity measures in safeguarding public safety in the evolving landscape of electric and autonomous vehicles.
