The Government of India has ordered the blocking and removal of Chinese mobile applications BAT-BMS, Lossigy and Epoch i-ion following reports that they were being misused to remotely disable electric vehicles. The action comes amid safety and cybersecurity concerns linked to Bluetooth-enabled battery management systems used in some electric vehicles, including certain e-rickshaws.
Apps Linked to Battery Management Systems
According to government officials, the applications could be used to interfere with the functioning of some electric vehicles by connecting to unsecured Bluetooth-enabled battery management systems.
Authorities have directed app stores to remove the applications and advised greater scrutiny before allowing similar apps to be listed in future. Officials said the move is aimed at preventing misuse of connected battery technologies that could endanger road users and disrupt public transport operations.
Weak Bluetooth Security Under Scanner
The BAT-BMS application was originally developed as a battery management tool for monitoring battery charge, voltage, temperature and other diagnostics in compatible lithium-ion batteries.
However, investigations indicate that some battery systems with weak or default Bluetooth security settings could be accessed by unauthorised users. This could allow misuse of battery control functions in vehicles fitted with compatible systems.
Viral Videos Raised Concern
The issue gained national attention after viral videos appeared to show individuals remotely switching off moving e-rickshaws using smartphone applications. Experts noted that the vulnerability does not affect all electric vehicles and is limited to compatible battery systems lacking proper authentication and security protections.
The incident has triggered wider discussion on cybersecurity standards for India’s expanding electric mobility ecosystem.
A researcher at Algoritha Security said the case highlights the need for secure-by-design battery management systems with strong authentication, encrypted Bluetooth communication and restricted administrative controls. The researcher said EV manufacturers should protect battery management interfaces against unauthorised access, while users should enable available security features and avoid leaving Bluetooth-enabled systems open to unrestricted connections.
