Fri, 3 Jul
34°C

New Delhi

Partly Cloudy
Feels Like
38°C
Humidity
62%
Wind Speed
14 km/h
Visibility
8 km
UV Index
8 (Moderate)
Pressure
1008 hPa
Hourly Forecast
20:00
34°C
20%
21:00
34°C
25%
22:00
33°C
30%
23:00
33°C
35%
0:00
32°C
40%
1:00
32°C
45%
7-Day Forecast
Today
Partly Cloudy
26°C
35°C
Fri
Partly Cloudy
26°C
35°C
Sat
Partly Cloudy
26°C
35°C
Sun
Partly Cloudy
26°C
34°C
Mon
Partly Cloudy
27°C
34°C
Tue
Partly Cloudy
27°C
34°C
Wed
Partly Cloudy
27°C
33°C
DNI
BREAKING
Daily News Insights: AI-Powered News Platform — Updated On DemandBreaking coverage from India and the world, synthesized by Gemini 1.5 FlashLive pipeline: Firecrawl extraction • Supabase storage • Upstash caching
Home/Business

Government Cracks Down on Apps Allowing Remote Hijacking of E-Rickshaws

DNI
Daily News Insights Editorial Desk
FRIDAY, 3 JULY 2026 AT 06:31 PM·4 MIN READ
Government Cracks Down on Apps Allowing Remote Hijacking of E-Rickshaws
Wikimedia
IMAGE: DAILY NEWS INSIGHTS / NEWS DATA LABS

IR SUMMARY — KEY POINTS

  • The Indian government has ordered the immediate removal of three mobile applications after they were exploited to remotely disable e-rickshaws across various cities.
  • The controversy centers on the BAT-BMS, Losiji, and Epoch Li-ion applications which facilitated unauthorized access to vehicle power systems via unsecured Bluetooth connections.
  • Viral social media videos showed individuals using these tools to stop moving vehicles, prompting severe concerns regarding public safety and cybersecurity vulnerabilities.
  • Cybersecurity experts from firms like Cyble warn that the incident reflects a broader systemic failure to integrate robust security protocols into electric mobility hardware.
  • The Ministry of Electronics and Information Technology has initiated a probe as authorities urge manufacturers to implement mandatory password protection for battery management systems.
IN-DEPTH ANALYSIS
BusinessTechIndia

The Indian government has officially moved to neutralize a growing digital threat targeting the nation's burgeoning electric vehicle sector after reports confirmed that several mobile applications were being misused to disable e-rickshaws remotely. By targeting specific software known as BAT-BMS, Losiji, and Epoch Li-ion, officials aim to curtail a dangerous trend where vehicles were being shut down mid-transit by unauthorized users. The vulnerability primarily affected low-cost lithium-ion battery packs that lacked basic security encryption, effectively turning thousands of public transport vehicles into targets for malicious interference and reckless pranks.

Security Flaws in Battery Management

The core of the issue lies in the design of the Battery Management System, an internal component responsible for monitoring voltage, temperature, and overall health of the vehicle's power source. Manufacturers of these budget-friendly battery packs neglected to implement password-protected Bluetooth pairing, leaving a communication window open to anyone within a 15-meter range. This design flaw allowed individuals with the correct application to bridge the connection to the vehicle’s main power controller, giving them the ability to toggle the power output on or off at will.

Social media platforms were flooded with viral footage dubbed the Tirri Trend, which showcased pranksters successfully bringing unsuspecting e-rickshaws to a complete halt in the middle of busy traffic. While these clips were shared primarily for entertainment value, the underlying reality presents a grave danger to commuters and drivers alike. Bringing a vehicle to a sudden, unexpected stop in a high-speed traffic environment risks multi-vehicle pile-ups and serious injuries, transforming a technological oversight into a potential public safety crisis that necessitated immediate state intervention.

The vulnerability is limited to lithium-ion batteries that utilize Bluetooth connections without basic password protection for the management system.

Digital Pranks Endanger Public Safety

Cybersecurity analysts suggest that this incident serves as a critical wake-up call for the entire electric mobility ecosystem as it rapidly shifts toward digitization. According to industry experts, the rush to market affordable electric transport options often results in the corner-cutting of essential digital safety features that would be standard in passenger cars or heavy-duty industrial machinery. Without mandatory security standards enforced at the hardware level, the integration of connected diagnostic tools will continue to create exploitable backdoors for bad actors seeking to disrupt transportation infrastructure.

Development of the software in question is largely traced to firms like Shenzhen Grenergy Technology, which designed the interfaces to help owners track real-time battery performance. While these tools offer genuine utility for maintenance and efficiency tracking, the lack of authentication protocols meant that the convenience of remote management was weaponized against the very people it was intended to serve. The government's decision to pressure major app stores to remove these listings is a tactical move to contain the immediate damage while investigations into the supply chain continue.

Systemic Failures in Electric Mobility

This crackdown has reignited a nationwide debate regarding the regulatory requirements for unbranded components that power the informal transport sector. While established automotive brands utilize sophisticated encryption that renders such unauthorized Bluetooth access impossible, the unorganized market relies heavily on these cheaper, insecure alternatives. Policymakers are now facing pressure to establish stringent quality control protocols that mandate secure, encrypted communication modules for all electric vehicle parts imported or manufactured within the country to prevent future remote access incidents.

Unsecured battery management systems allow unauthorized users to shut down e-rickshaws from a distance of up to 15 meters.

In response to the government directive, major digital marketplaces are in the process of auditing their listings to ensure the identified applications are no longer accessible to the public. However, authorities are cautious, acknowledging that removing apps is merely a temporary patch for a hardware-level vulnerability that already exists in thousands of active vehicles. The focus is now shifting toward informing drivers about the risks and encouraging them to seek technical updates or hardware modifications that can lock down their Bluetooth connections against unauthorized pairing attempts.

Regulating Hardware for Future Security

Looking forward, the incident is likely to trigger a comprehensive overhaul of how smart mobility hardware is vetted before reaching the Indian consumer. Regulators are expected to push for stricter compliance for battery management modules, potentially banning the sale of any hardware that fails to meet minimum cybersecurity benchmarks. This episode underscores the hidden costs of rapid technological adoption and the urgent necessity of prioritizing foundational security over the convenience of connected features as the country accelerates its ambitious transition toward a fully electrified transport network.

KEY TAKEAWAYS

The government has specifically ordered the removal of BAT-BMS, Losiji, and Epoch Li-ion apps from major digital app stores.

Modern passenger vehicles utilize robust encryption that prevents unauthorized remote access, unlike the budget battery packs used in most e-rickshaws.

How do you feel about this story?

More Stories

Share This Story

Choose a platform to share this article