
The government has directed the removal of three Chinese battery management applications after they were found to pose a potential cybersecurity risk for certain e-rickshaws. The move comes after videos surfaced online showing vehicles being remotely switched off using mobile apps, raising concerns about road safety and unauthorised access to electric vehicle systems.
The issue is linked to Bluetooth-enabled battery management systems used in some low-cost, unbranded lithium battery packs fitted to e-rickshaws. These battery management apps are designed to display information such as battery health, voltage and charging status. However, they also include a feature that allows users to enable or disable the battery’s power output.
Some of these battery systems lack password protection or use default credentials, making it possible for nearby users to connect via Bluetooth. Since the connection range is typically around 10 to 15 metres, unauthorised users could potentially switch off an e-rickshaw while it is in operation.
The possibility of remotely disabling a moving vehicle has raised safety concerns, particularly in urban areas where e-rickshaws are widely used for passenger transport. A sudden loss of power could leave vehicles stranded or create hazardous situations in traffic.
In response, the Ministry of Electronics and Information Technology (MeitY) has instructed that the identified applications be removed and is working with app platforms to restrict similar software that could be misused in the future.
The reported vulnerability is understood to affect only certain unbranded battery packs used in some e-rickshaws. Electric two-wheelers, passenger cars and other EVs from established manufacturers generally use encrypted battery management systems with secure authentication, making them less susceptible to this type of issue.
For affected users, restoring battery operation typically involves switching the battery’s main circuit breaker (MCB) off and on, reconnecting to the battery management system and changing the default Bluetooth password to improve security.
The incident has renewed focus on the need for stronger cybersecurity measures and authentication standards for connected components used in electric vehicles, particularly in the growing e-rickshaw segment.




