The Indian government has directed Google and Apple to remove three mobile applications—BAT-BMS, Lossigy, and Epoch-i-ion—after they were allegedly misused to remotely disable e-rickshaws while they were carrying passengers.
The decision comes after videos circulated online showing users remotely shutting down battery-powered three-wheelers, raising serious concerns about passenger and road safety.
Authorities have also warned that any other apps offering similar unsafe remote-control capabilities could face the same action.
Why Were These Apps Removed?
The apps were originally developed as Battery Management System (BMS) tools for electric vehicles.
Their intended purpose was to help:
- Monitor battery health and charging status
- Track vehicle location
- Manage fleet operations
- Disable vehicles in cases of theft or loan default
However, authorities found that the remote shutdown feature was allegedly being misused to stop vehicles without the driver’s permission.
How the Apps Were Misused
According to reports, some users were able to remotely disable nearby e-rickshaws using the connected battery management system.
Researchers believe the issue was caused by weak access controls, which allowed unauthorized users who held access credentials to send remote shutdown commands.
This meant that features designed for fleet management could potentially be misused by:
- Unauthorized individuals
- Rival financiers
- Disgruntled employees
- Malicious actors
- Pranksters
Such actions could interrupt journeys and create serious safety risks for both drivers and passengers.
Security Concerns
The incident highlights growing security challenges within Internet of Things (IoT)-enabled electric vehicles.
Researchers note that many low-cost electric vehicle platforms prioritize functionality over security, leaving connected systems vulnerable to misuse.
Some of the reported concerns include:
- Weak authentication mechanisms
- Shared or leaked login credentials
- Insufficient access controls
- Lack of driver authorization
- Remote shutdown without safety checks
Without proper safeguards, features intended to improve vehicle management can become potential security risks.
Government Response
Following reports of misuse, the government instructed Google and Apple to remove the affected applications from their respective app stores.
Officials also indicated that additional apps found enabling similar remote vehicle shutdown capabilities could face the same action.
The move reflects increasing efforts to improve the security of connected transportation technologies and protect public safety.
Recommendations for Fleet Operators
Organizations using connected Battery Management Systems should strengthen their security by:
- Enabling multi-factor authentication (MFA)
- Restricting access to authorized users only
- Preventing remote shutdown while vehicles are moving
- Maintaining audit logs for remote commands
- Conducting regular security assessments of BMS platforms
- Securing backend APIs and user credentials
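As an added illustration (not code from the removed apps or any BMS vendor), the sketch below shows how a backend could combine four of these recommendations in one server-side gate for a remote shutdown command: MFA, per-fleet authorization, a motion check, and an audit record for every attempt. All class names, field names, role names and the telemetry freshness limit are assumptions made for the example.

```python
import json
import time
from dataclasses import dataclass

@dataclass
class Operator:            # hypothetical caller identity, resolved by the backend
    user_id: str
    fleet_id: str
    role: str              # assumed roles: "fleet_admin", "viewer"
    mfa_verified: bool

@dataclass
class Vehicle:             # hypothetical telemetry snapshot reported by the BMS
    vehicle_id: str
    fleet_id: str
    speed_kmh: float
    telemetry_age_s: float

AUDIT_LOG = []             # stand-in for an append-only audit store
MAX_TELEMETRY_AGE_S = 10   # assumed freshness limit for the speed reading

def authorize_shutdown(op, vehicle, reason):
    """Return (allowed, why) and record every attempt, allowed or not."""
    if op.role != "fleet_admin":
        decision = (False, "role_not_permitted")
    elif not op.mfa_verified:
        decision = (False, "mfa_required")
    elif op.fleet_id != vehicle.fleet_id:
        decision = (False, "vehicle_not_in_operator_fleet")
    elif vehicle.telemetry_age_s > MAX_TELEMETRY_AGE_S:
        decision = (False, "telemetry_stale")    # fail closed: motion unknown
    elif vehicle.speed_kmh > 0:
        decision = (False, "vehicle_in_motion")
    else:
        decision = (True, "ok")
    AUDIT_LOG.append(json.dumps({
        "ts": time.time(), "user": op.user_id, "vehicle": vehicle.vehicle_id,
        "command": "remote_shutdown", "reason": reason,
        "allowed": decision[0], "why": decision[1],
    }))
    return decision

# Constructed sample data for the demonstration
admin = Operator("u-100", "fleet-A", "fleet_admin", True)
outsider = Operator("u-200", "fleet-B", "fleet_admin", True)
parked = Vehicle("v-1", "fleet-A", 0.0, 2.0)
moving = Vehicle("v-2", "fleet-A", 18.5, 1.0)

if __name__ == "__main__":
    for op, v in [(admin, parked), (admin, moving), (outsider, parked)]:
        print(op.user_id, v.vehicle_id, authorize_shutdown(op, v, "theft report"))
```

The check has to run on the backend rather than in the mobile app, so that holding valid credentials alone is never sufficient to stop a vehicle.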
As connected electric vehicles become more common, securing remote management features will be essential to prevent misuse and ensure passenger safety.