Government Orders Removal of BAT-BMS, Epoch Li-ion and Lossigy Apps After E-Rickshaw Security Concerns
The Ministry of Electronics and Information Technology (MeitY) has ordered the removal of the BAT-BMS, Epoch Li-ion and Lossigy applications from the Google Play Store and Apple App Store after reports that the apps were allegedly being misused to remotely disable certain lithium battery-powered e-rickshaws.
The action follows viral social media videos showing people connecting to compatible e-rickshaw battery systems through Bluetooth and switching off vehicle power, leaving drivers stranded. Authorities are also investigating the reported misuse of these applications, while state agencies have begun examining complaints linked to the incidents.
Why Were BAT-BMS and Similar Apps Removed?
BAT-BMS is a Battery Management System (BMS) monitoring application developed to communicate with compatible lithium battery packs through Bluetooth. Its intended purpose is to help manufacturers, service technicians and vehicle owners monitor battery parameters such as charge level, voltage, current, temperature, battery health and charging status.
However, investigations indicate that some e-rickshaws equipped with Bluetooth-enabled Battery Management Systems lacked adequate password protection or authentication. In such cases, a nearby device running a compatible application could connect to the battery management system and issue commands intended for maintenance functions.
This allowed some users to disable the battery’s discharge function, cutting power to the electric motor and bringing the vehicle to a stop. Reports from different parts of the country also alleged that some individuals exploited this vulnerability to demand money from drivers in exchange for restoring vehicle operation.
Following these incidents, MeitY directed the removal of BAT-BMS, Epoch Li-ion and Lossigy from app stores while authorities continue to investigate the issue and assess additional safeguards. Cybersecurity experts have also pointed out that unauthorised access to another person’s connected vehicle or battery management system may attract legal consequences under applicable provisions of the Information Technology Act.
It is important to note that the issue is linked to certain Bluetooth-enabled battery management systems rather than all electric rickshaws. Many vehicles use different battery technologies or proprietary systems that are not compatible with these applications.
Are Electric Cars and Two-Wheelers Also at Risk?
The recent incidents have raised concerns among electric vehicle owners, but experts say the vulnerability should not be viewed as affecting every EV on Indian roads.
Many modern electric cars and premium electric two-wheelers use proprietary Battery Management Systems with encrypted communication, secure authentication and manufacturer-controlled software ecosystems. These systems are designed with multiple security layers that make unauthorised access significantly more difficult than the Bluetooth implementations seen in some low-cost battery packs.
Similarly, numerous e-rickshaws still operate on conventional lead-acid batteries, which do not use Bluetooth-enabled Battery Management Systems and therefore are not exposed to this particular issue.
Cybersecurity specialists recommend that owners of compatible lithium battery-powered vehicles use only official applications provided by the manufacturer, install firmware updates whenever available, avoid sharing account credentials, and enable password protection or other authentication features if supported. Bluetooth should also remain disabled when it is not required for servicing or diagnostics.
Industry experts believe the incident serves as an important reminder that cybersecurity must become a larger priority as India’s electric mobility ecosystem continues to expand. Manufacturers are expected to strengthen software security, improve authentication methods and adopt encrypted communication protocols to reduce the risk of similar incidents in future connected vehicles.
While the investigation is still underway, the government’s action reflects a precautionary approach aimed at preventing misuse of battery management applications and improving the security of connected electric mobility technologies.