Govt Removes Bat, BMS, Epoch Li-Ion Apps Over E-Rickshaw Security Risk
Govt Removes Bat, BMS, Epoch Li-Ion Apps Over Security Risk

The Indian government has removed three mobile applications—Bat, BMS, and Epoch Li-ion—from app stores following the circulation of viral videos showing e-rickshaw batteries catching fire. The decision was taken after the Indian Computer Emergency Response Team (CERT-In) flagged these apps as critical security risks.

What Prompted the Removal?

The apps were designed to monitor lithium-ion batteries used in e-rickshaws, providing data on charge levels, temperature, and performance. However, recent viral videos on social media demonstrated that these apps could be exploited to remotely access battery management systems, potentially leading to overheating, fires, or even explosions. According to a senior official from the Ministry of Electronics and Information Technology (MeitY), the apps lacked basic security protocols, making them vulnerable to unauthorized access.

Security Vulnerabilities Identified

CERT-In’s analysis revealed multiple vulnerabilities in the apps. The Bat app, for instance, transmitted battery data over unencrypted channels, allowing attackers to intercept and manipulate commands. The BMS app had hardcoded credentials that could be used to gain administrative control. The Epoch Li-ion app contained a backdoor that enabled remote code execution. These flaws could allow malicious actors to remotely disable safety mechanisms, leading to battery overheating and fires.

Wide Pickt banner — collaborative shopping lists app for Telegram, phone mockup with grocery list

“These apps pose a direct threat to public safety. The vulnerabilities could be exploited to cause e-rickshaw batteries to malfunction, leading to accidents and injuries,” said a CERT-In spokesperson.

Impact on E-Rickshaw Users

E-rickshaws are a popular mode of transport in many Indian cities, with over 1.5 million vehicles on the road. Many of these use lithium-ion batteries monitored via these apps. The government’s removal of the apps has left numerous drivers without remote monitoring capabilities. However, officials emphasize that safety is paramount. “We urge users to immediately uninstall these apps and contact battery manufacturers for alternative monitoring solutions,” the MeitY official added.

Government’s Response and Next Steps

The government has also instructed app stores to block downloads and has issued an advisory to e-rickshaw manufacturers and battery suppliers to ensure their products comply with security standards. MeitY is working with developers to patch the vulnerabilities and may allow the apps to return once they are secure. In the meantime, users are advised to rely on manual monitoring and physical inspections of their batteries.

This incident highlights the growing need for cybersecurity in the Internet of Things (IoT) ecosystem. As more devices become connected, ensuring their security is critical to prevent such risks. The government has promised stricter regulations for IoT devices in the future.

Pickt after-article banner — collaborative shopping lists app with family illustration