The government has ordered the blocking of BAT-BMS, Lossigy and Epoch i-ion after reports that the apps were misused to remotely disable some electric vehicles through unsecured Bluetooth-enabled battery management systems.

Centre Orders Blocking of Chinese EV Battery Apps Over Remote Disabling Risk

The420.in Staff
2 Min Read

The Government of India has ordered the blocking and removal of Chinese mobile applications BAT-BMS, Lossigy and Epoch i-ion following reports that they were being misused to remotely disable electric vehicles. The action comes amid safety and cybersecurity concerns linked to Bluetooth-enabled battery management systems used in some electric vehicles, including certain e-rickshaws.

Apps Linked to Battery Management Systems

According to government officials, the applications could be used to interfere with the functioning of some electric vehicles by connecting to unsecured Bluetooth-enabled battery management systems.

FCRF Launches Certified AI-Powered SOC Analyst Program to Train the Next Generation of Cyber Defence Professionals

Authorities have directed app stores to remove the applications and advised greater scrutiny before allowing similar apps to be listed in future. Officials said the move is aimed at preventing misuse of connected battery technologies that could endanger road users and disrupt public transport operations.

Weak Bluetooth Security Under Scanner

The BAT-BMS application was originally developed as a battery management tool for monitoring battery charge, voltage, temperature and other diagnostics in compatible lithium-ion batteries.

However, investigations indicate that some battery systems with weak or default Bluetooth security settings could be accessed by unauthorised users. This could allow misuse of battery control functions in vehicles fitted with compatible systems.

Viral Videos Raised Concern

The issue gained national attention after viral videos appeared to show individuals remotely switching off moving e-rickshaws using smartphone applications. Experts noted that the vulnerability does not affect all electric vehicles and is limited to compatible battery systems lacking proper authentication and security protections.

The incident has triggered wider discussion on cybersecurity standards for India’s expanding electric mobility ecosystem.

A researcher at Algoritha Security said the case highlights the need for secure-by-design battery management systems with strong authentication, encrypted Bluetooth communication and restricted administrative controls. The researcher said EV manufacturers should protect battery management interfaces against unauthorised access, while users should enable available security features and avoid leaving Bluetooth-enabled systems open to unrestricted connections.

Stay Connected