The Union government has issued orders to block battery management apps after it was discovered that some users were able to remotely shut down e-rickshaw batteries using these apps, even while the vehicles were transporting passengers. According to an official, the apps, mostly developed by Chinese firms, appear to be designed for legitimate battery owners. However, the developers of three such apps, Shenzhen Grenergy Technology, Shenzhen Ruichuang Lineng Technology, and Daly BMS, did not respond to queries regarding the issue.
The blocking of these apps may not completely eliminate the vulnerability, as they do not require internet access to hijack and shut off battery units without a configured password or PIN. Furthermore, testing standards to certify e-rickshaws do not include cybersecurity requirements, leaving them open to such exploits. Lithium ion battery packs include battery management systems to monitor charge, voltage, temperature, and cell health, but these systems can be compromised using the apps. Instagram reels demonstrating this vulnerability on roads went viral over the week, showing rickshaws grinding to a halt.
A senior official pointed out that stranding vehicles in this manner is a punishable offense, and that regular IPC/BNS sections of criminal mischief will apply. In one instance, a person was caught demanding money from e-rickshaw drivers after using the exploit to disable their vehicles in Ujjain, Madhya Pradesh. The police caught the individual after receiving information about a targeted extortion incident at Loti Tiraha.
According to Neel Ganga Police Station in-charge Tarun Kuril, the racket came to light after an auto-rickshaw driver’s vehicle stalled, and a young man charged him ₹200 under the pretext of fixing it. The driver revealed that e-rickshaws in the city were being shut down remotely, and that some miscreants were using the app to immobilize the vehicles and then demand money to restart them.