Last Updated:
Experts say modern EVs are essentially computers on wheels, relying on software, sensors, wireless connectivity and cloud services, making them potential targets for cyberattacks.

Vikash Chaudhary, Founder and CEO of HackersEra Automotive Cybersecurity, identified Bluetooth connectivity, diagnostic systems, telematics applications, charging infrastructure and over-the-air (OTA) software updates as the biggest cybersecurity risk areas. (AI-generated photo)
Imagine driving your car when, without warning, someone remotely disables it. While such scenes are common in Hollywood movies like The Fate of the Furiousrecent incidents involving e-rickshaws in India have raised fresh questions about the cybersecurity of connected vehicles.
The controversy erupted after videos showed people allegedly using a smartphone application called BAT-BMS to remotely disable moving e-rickshaws through Bluetooth. The incident prompted the Ministry of Electronics and Information Technology (MeitY) to direct the removal of three mobile applications—BAT-BMS, Epoch-i-ion and Lossigy—from Android and iOS app stores after concerns that they were being misused.
How Were E-Rickshaws Being Disabled?
Many lithium-ion batteries used in e-rickshaws are equipped with Bluetooth-enabled Battery Management Systems (BMS), allowing owners to monitor battery health through mobile applications.
Cybersecurity experts say some of these systems lack proper authentication, allowing anyone within Bluetooth range to connect and disable the battery’s discharge function, abruptly stopping the vehicle. Older lead-acid battery-powered e-rickshaws are generally unaffected.
The alleged misuse has left drivers worried.
“Some people are locking the battery using the app. Now, e-rickshaw drivers also have to download the same application to unlock it in an emergency. Sometimes only the person who has the app can unlock the battery. It is creating huge problems for drivers. If the e-rickshaw stops on the main road, it becomes a major safety risk,” said Mohammad Siraj, an e-rickshaw driver in Delhi.
Cybersecurity expert Dr Rakshit Tandon said the issue stems from poor implementation rather than sophisticated hacking.
“A lot of these low-cost e-rickshaws have Bluetooth-enabled batteries but no authentication. Owners should either get Bluetooth disabled by the vendor or pair the battery with their own phone. Once it is paired, another device generally cannot connect, which significantly reduces the risk of misuse,” he told News18.
Can Electric Cars, Bikes Be Hacked?
The incident has naturally raised questions over whether electric cars and bikes are also vulnerable.
Experts say modern EVs are essentially computers on wheels, relying on software, sensors, wireless connectivity and cloud services. However, the risk is not unique to electric vehicles. Modern petrol and diesel cars also contain dozens of electronic control units (ECUs), wireless communication systems and connected features that could become targets if vulnerabilities exist.
One of the best-known examples came in 2022 when German security researcher David Colombo demonstrated remote access to certain functions of 25 Tesla vehicles across 13 countries. The incident, however, resulted from exposed credentials on third-party software rather than a vulnerability in Tesla’s own systems.
A government official, speaking to News18.com on condition of anonymity, said the possibility of cyberattacks/hacking of EVs cannot be ruled out.
“There is always a potential for hacking. In many cases, an attacker would first need physical access to the vehicle, such as connecting a laptop to the On-Board Diagnostics (OBD) port. Whether there is a practical exploit available today is debatable, but you can never say the threat does not exist,” the official said.
He added that no connected system can be considered completely secure. “No matter how many security tools you deploy, there can always be vulnerabilities or zero-day exploits that compromise a device, a server or even a connected vehicle.”
‘Security Must Be Built Into EVs From Day One’
Vikash Chaudhary, Founder and CEO of HackersEra Automotive Cybersecurity, said the e-rickshaw incident exposes broader cybersecurity risks in India’s rapidly expanding EV ecosystem.
“India is electrifying fast, and every connected layer—batteries, mobile apps, cloud platforms and charging infrastructure—is a potential entry point if security isn’t built in from the beginning. What happened in the e-rickshaw case appears to be a basic failure where a critical function wasn’t adequately protected,” he told News18.com.
He identified Bluetooth connectivity, diagnostic systems, telematics applications, charging infrastructure and over-the-air (OTA) software updates as the biggest cybersecurity risk areas. “Every connection is an attack surface. Security has to cover the entire vehicle lifecycle—from manufacturing and suppliers to software updates.”
Can Hackers Take Control of A Moving EV?
While the recent incident demonstrated that a connected battery system can be remotely disabled under certain conditions, Chaudhary said taking complete control of a moving car is significantly more difficult.
“Disabling power is already a demonstrated risk. Full remote control of steering or braking would require multiple vulnerabilities to be exploited together. It is not as simple as Hollywood movies portray, but the possibility cannot be completely dismissed.”
He stressed that cybersecurity cannot be treated like installing antivirus software after a vehicle is sold.
“Security has to be integrated during the vehicle development process itself. Once vehicles are already on the road, addressing hardware-level security weaknesses becomes much more difficult.”
What Should Manufacturers And Owners Do?
Chaudhary said manufacturers should adopt a “secure-by-design” approach by securing every connected component, enforcing cybersecurity standards for suppliers, conducting independent penetration testing before launch, continuously monitoring vehicle security and complying with standards such as AIS-189 and UN R155.
For consumers, the expert recommended keeping vehicle software and companion apps updated, using strong passwords, avoiding unofficial third-party applications, checking whether Bluetooth and battery interfaces are password-protected, and reporting any unexpected shutdowns immediately.
“Owners cannot fix a hardware flaw on their own, but asking the right questions pushes manufacturers to improve security,” Chaudhary said.
As India rapidly expands electric mobility to reduce fuel imports and curb pollution, experts say cybersecurity must become as fundamental as physical safety. The e-rickshaw episode, they argue, should serve as a wake-up call for manufacturers, regulators and consumers alike.
About the Author
Saurabh Verma covers general, national and international day-to-day news for News18.com as a Chief Sub-editor. He keenly observes politics. You can follow him on Twitter –twitter.com/saurabhkverma19
Read More
Source link
[ad_3]