🏠 News Empire
tech

Bluetooth App Exploit Reveals Cybersecurity Gaps in India's E-Rickshaws

Published on: 07 Jul 2026, 10:46 AM
Bluetooth App Exploit Reveals Cybersecurity Gaps in India's E-Rickshaws

In recent weeks, reports of e-rickshaws being remotely disabled via smartphone apps have raised serious concerns about cybersecurity in India's growing electric vehicle fleet. The incidents, which first came to light in Delhi, involve the use of Bluetooth-based battery management applications to cut power to moving vehicles, stranding drivers and passengers.

The Ministry of Electronics and Information Technology (MeitY) has directed Google and Apple to remove several battery management applications from their stores, including BAT-BMS, Lossigy and Epoch i-ion, pending a review of their cybersecurity risks. The Delhi transport department has also launched an investigation, and police in cities like Ujjain have registered cases where alleged miscreants used such apps to disable vehicles and demand money for restoration.

At the centre of the issue is the Battery Management System (BMS), a standard component in lithium-ion batteries that monitors parameters like voltage, temperature and charge cycles. Some BMS units allow users to enable or disable battery discharge as a maintenance feature. The BAT-BMS app, developed by Shenzhen Grenergy Technology, was designed for such legitimate monitoring. However, security flaws in the system have made these controls accessible to unauthorised users.

Certified ethical hacker Abdultaiyeb Chechatwala told The Times of India that the problem lies not in the app itself but in the underlying design of the BMS. According to him, many low-cost battery manufacturers use generic software from third-party vendors that lacks robust encryption and authentication. This allows anyone with the app and Bluetooth range to send commands to the battery, effectively shutting down the vehicle remotely.

Experts emphasise that this is not an isolated app problem but a broader cybersecurity vulnerability affecting thousands of e-rickshaws, particularly those using inexpensive or unbranded batteries. The risk extends beyond e-rickshaws to any vehicle or device that relies on such insecure BMS units. While modern electric cars often have more secure systems, the incident highlights a critical oversight in the rapid expansion of electric mobility.

Cybersecurity researchers warn that the exploitation of such vulnerabilities could have serious consequences for road safety. A vehicle stopping without warning in heavy traffic could cause accidents. The human cost is also evident: drivers lose income and face unexpected expenses, while some have been extorted by those wielding the app.

The government's swift action in calling for app removals is a first step, but experts argue that regulatory standards for battery security are needed. Without mandatory encryption and authentication in BMS software, similar exploits may reappear under different app names. The incident serves as a reminder that as India transitions to electric vehicles, cybersecurity must be integrated into the design and certification process.

Latest in Tech 10
Anthropic Discovers Hidden 'Thinking' Workspace in Claude AI Model
tech

Anthropic Discovers Hidden 'Thinking' Workspace in Claude AI Model

Anthropic researchers have discovered a hidden internal workspace in their Claude AI model, called J-space, which allows the model to process concepts silently before generating responses. The findings, detailed in a new research paper, could improve interpretability of AI systems but do not imply consciousness.

Indian Express 07 Jul 2026, 07:28 AM
Read More →
WhatsApp Gets Extension on Username Feature Notice, Promises No India Rollout Until Talks End
tech

WhatsApp Gets Extension on Username Feature Notice, Promises No India Rollout Until Talks End

WhatsApp has received a three-day extension to respond to a government notice on its proposed username feature, and has assured that it will not launch the feature in India until discussions with authorities conclude. The government had flagged concerns that the feature, which allows communication without sharing phone numbers, could increase fraud and impersonation risks.

Indian Express 07 Jul 2026, 06:09 AM
Read More →
Midjourney Escalates Copyright Battle, Seeks Disclosure of Studio AI Projects
tech

Midjourney Escalates Copyright Battle, Seeks Disclosure of Studio AI Projects

Midjourney has asked a US court to force Disney, Universal, and Warner Bros to disclose their internal AI projects as part of a copyright lawsuit. The studios accuse Midjourney of training its models on copyrighted characters, while Midjourney argues it needs the evidence for a fair defence. The case could set a key precedent for AI and copyright law.

Indian Express 06 Jul 2026, 12:01 PM
Read More →
Cybercrime’s New Frontier: Fraud-as-a-Service Grows as a Subscription Model
tech

Cybercrime’s New Frontier: Fraud-as-a-Service Grows as a Subscription Model

Cybercrime is increasingly operating on a subscription model called fraud-as-a-service (FaaS), offering tools like phishing kits and ransomware for a fee. This trend lowers the barrier for entry, making sophisticated attacks accessible to low-skilled criminals. Experts call for stronger cybersecurity measures and international cooperation to counter the growing threat.

Times of India 06 Jul 2026, 05:02 AM
Read More →
→ View All Tech News