A series of viral videos circulating on social media has raised fresh questions about cybersecurity in India’s rapidly growing electric-rickshaw market. The videos appear to show a smartphone application being used to switch off the power supply of some electric rickshaws while they are being driven, causing them to come to a halt.
Autocar Professional has chosen not to identify or publish the name of the application shown in the videos to avoid facilitating potential misuse. The publication has also not independently verified the demonstrations or the extent to which the reported behaviour may apply across different electric rickshaws and battery systems.
At the centre of the issue is a technology called a Battery Management System (BMS). Every lithium-ion battery pack uses a BMS to monitor battery health, temperature, charging and overall safety. In some battery packs, the BMS can also communicate with a smartphone over Bluetooth, allowing users or service technicians to check battery information through a mobile application.
If such a Bluetooth-enabled system is not adequately secured, an unauthorised person within Bluetooth range could potentially connect to the battery. Depending on how that particular battery system has been designed, the app may allow the battery output to be switched off, temporarily cutting power to the vehicle.
That does not necessarily mean every electric rickshaw is vulnerable. Battery suppliers use different hardware, software and security measures. Many systems may not support Bluetooth at all, while others require passwords or other forms of authentication before any settings can be changed.
Even so, the videos have highlighted an important cybersecurity issue as connected electronics become more common in electric vehicles. As batteries, controllers and telematics systems increasingly communicate wirelessly, protecting them against unauthorised access is becoming as important as ensuring their electrical safety.
For manufacturers, the answer lies in stronger cybersecurity practices, including secure Bluetooth authentication, encrypted communication, unique passwords instead of factory-default credentials and software updates that address newly discovered vulnerabilities.
The incident also raises a broader question: could something similar happen to electric cars or other electric vehicles? In principle, any connected electronic system can become a target if it is poorly secured. However, passenger electric cars from established manufacturers typically employ multiple layers of cybersecurity, including encrypted communication, secure gateways, authenticated software and compliance with global cybersecurity standards. While no connected system is entirely immune to cyber threats, compromising a modern passenger EV is significantly more complex than accessing an unsecured Bluetooth-enabled battery component.
As India’s electric mobility ecosystem expands, the viral videos serve as a reminder that cybersecurity is no longer limited to premium connected cars. Even relatively simple electric vehicles such as e-rickshaws will increasingly need robust digital security alongside mechanical and electrical safety.