Centre Orders Removal of BAT BMS, Epoch Li-ion Apps After E-Rickshaw ‘Prank’ Misuse

The Centre has ordered the removal of two mobile applications—BAT BMS and Epoch Li-ion—from both the Google Play Store and Apple App Store after it was discovered that they are being abused to remotely disable e-rickshaws in Delhi.

Centre Orders Removal of BAT BMS | Photo Credit: https://x.com/PayallSingh13
Centre Orders Removal of BAT BMS | Photo Credit: https://x.com/PayallSingh13

The action comes after there were concerns that the apps, originally set up for battery management, were being used by people to switch off moving e-rickshaws by Bluetooth-based technology, leaving drivers stranded in the middle of the road.

BAT BMS and Epoch Li-ion are battery management system (BMS) applications that monitor lithium-ion batteries. They allow users to check battery parameters such as voltage, temperature, current and charging status in real time. But the apps also have battery control functions that can remotely cut power to compatible batteries.

The Ministry of Electronics and Information Technology (MeitY) has now ordered both the applications in the public app store to be removed.

According to MeitY Secretary S. Krishnan speaking with NDTV Profit, the government would work together with app store operators to make sure that such apps that cause such damage are not made publicly available.

The problem was brought to light when videos emerged of people using the apps to play what was described as a “prank” on e-rickshaw drivers. The process involved opening the app, connecting to a nearby lithium-ion battery via Bluetooth and activating the discharge switch. The battery in the e-rickshaw could be switched off with a single tap, and suddenly the e-rickshaw would stop running.

Drivers were left confused as their vehicles suddenly lost power while in motion. In some cases the e-rickshaw could only be restarted after reconnecting to the battery through the same application and switching it back on.

The purpose of these applications is to manage battery performance for management and monitoring, said a senior Delhi government official. But with lack of basic security guarantees they were vulnerable to misuse, he said.

"There is no password or authentication. As a result, cutting power output and bringing the vehicle to a sudden halt becomes easy," the official said.

The incident has raised questions about cybersecurity and safety in connected electric vehicles. In addition, battery management systems with wireless connections need to have authentication in place to avoid unauthorised access -- passwords, encrypted communication and device pairing are some examples.

The Centre’s decision to seek the removal of the apps will prevent further misuse in an environment where the development of security standards for battery management software used in electric vehicles is in progress.