Skip to main content
Logo
4 min read
0 views
CARS

E-Rickshaw Battery App Security Alert: Govt Reportedly Orders Removal of Risky BMS Apps

India's e-rickshaw battery app security issue has put a spotlight on a quiet but important risk in connected electric mobility: a weakly protected battery-management app can become a road-safety problem, not just a software problem.According to the reported update, the government has ordered the rem...

M

By Maxabout Team

Automotive Journalist

Published

India's e-rickshaw battery app security issue has put a spotlight on a quiet but important risk in connected electric mobility: a weakly protected battery-management app can become a road-safety problem, not just a software problem.

According to the reported update, the government has ordered the removal of three Chinese battery-management applications after videos showed certain e-rickshaws being remotely switched off. The risk is said to involve some low-cost, unbranded lithium battery packs that use Bluetooth-enabled battery management systems, or BMS units, with weak or default access protection.

What happened?

The reported concern is not that every electric rickshaw or every EV can be switched off remotely. The issue appears narrower: some battery packs allow a nearby phone to connect over Bluetooth to the BMS app, view battery information, and in vulnerable cases disable battery output.

  • Reported action: three battery-management apps were ordered removed.

  • Reported range: Bluetooth access is said to work from roughly 10 to 15 metres.

  • Affected area: certain unbranded lithium battery packs used in some e-rickshaws.

  • Main risk: a sudden battery-output shutdown could strand the vehicle or create a traffic hazard.

E-rickshaw Bluetooth BMS security infographic
The reported risk chain is simple: unbranded pack, Bluetooth BMS, weak access, remote shutdown.

Why this matters for e-rickshaw owners

E-rickshaws are heavily used for last-mile passenger transport in Indian cities. Even a short loss of power can become serious if it happens in traffic, at an intersection, or while carrying passengers. That makes battery app security more than a convenience feature.

Battery-management apps are normally used to check data such as voltage, state of charge, battery health, and charging status. Those are useful features. The risk begins when the same access path also allows control over battery output and does not require strong authentication.

Affected vs lower-risk EVs

Vehicle or battery typeReported risk levelReason
Some e-rickshaws with unbranded lithium battery packsHigher concernBluetooth BMS access may use weak or default protection.
Established electric two-wheelers and passenger EVsLower for this specific issueThese generally use encrypted BMS authentication and tighter software controls.
Unknown replacement battery packsNeeds checkingSecurity depends on the supplier, BMS firmware, app access, and password policy.

What owners and operators should check

If an e-rickshaw uses an aftermarket or unbranded lithium battery pack, the first step is to ask the battery supplier how the BMS app is protected. A default Bluetooth password should not remain unchanged after installation.

  • Confirm whether the battery pack uses a Bluetooth BMS app.

  • Change the default Bluetooth/BMS password where the system allows it.

  • Avoid installing unknown battery-management apps from unofficial links.

  • Ask the supplier whether battery-output control can be restricted or locked.

  • If the battery has been disabled, follow the supplier-approved reset process rather than repeatedly trying random apps.

The reported recovery process for affected users may involve switching the battery's main circuit breaker off and on, reconnecting to the BMS, and changing the default Bluetooth password. Owners should still follow their battery supplier's instructions because battery layouts and BMS software vary.

The bigger EV cybersecurity lesson

This incident is a reminder that EV safety is no longer only about cells, chargers, and wiring. Connected components also need secure software design. As India electrifies last-mile mobility, small suppliers and replacement battery makers need the same basic discipline that larger OEMs already use: encrypted authentication, sensible default settings, limited control access, and a clear update path.

For buyers, the takeaway is not to avoid e-rickshaws or EVs. The practical lesson is to treat the battery pack and BMS app as important safety components. A cheap battery with weak app security can create risks that are invisible during a normal test ride.

FAQ

Are all e-rickshaws affected?

No. The reported issue is linked to certain e-rickshaws using vulnerable unbranded battery packs with Bluetooth-enabled BMS access. It should not be treated as a blanket issue across all e-rickshaws.

Are electric cars and scooters vulnerable to the same problem?

The report says established electric two-wheelers, passenger cars, and other OEM EVs are generally less susceptible to this specific issue because they usually use encrypted BMS authentication.

What is the simplest safety check?

Check whether the battery pack uses a Bluetooth BMS app and whether the default password has been changed. If the supplier cannot explain the access control clearly, that is a warning sign.

The e-rickshaw segment is vital for affordable urban mobility. Strengthening battery app security now can help keep that transition safer as more connected EV components enter daily public use.

Ad
MT

Maxabout Team

Editorial Team

Specializes in: Automotive News, Reviews, Analysis

The Maxabout editorial team consists of automotive experts, journalists, and industry analysts who bring you the latest news, reviews, and insights from the Indian automotive market.
About the Author

Want to read more automotive news?

Stay updated with the latest car launches, reviews, and industry insights.

Browse All News