Security Flaw in E-Rickshaw Apps Leaves Drivers Vulnerable to Remote Shutdowns
A security flaw in mobile companion apps for electric rickshaws in India allows unauthorised users to pair with vehicles over Bluetooth. Cyber experts have warned that without robust mutual authentication, attackers in the vicinity could remotely disable vehicles, risking the livelihoods of drivers and the safety of passengers in heavy traffic.
NEW DELHI — An emerging cybersecurity vulnerability in the smartphone apps underpinning thousands of India’s electric three-wheelers (e-rickshaws) has sparked immediate concerns over driver safety and digital exposure in the country’s fast-growing micro-mobility sector.
Security researchers have found that several companion mobile apps that drivers use to monitor battery metrics, track GPS locations and control vehicle diagnostics lack critical authentication schemes. These apps connect to the vehicles over Bluetooth, and without a secure, unique passcode handshake the connection is vulnerable. A person within the normal 30-foot Bluetooth radius can easily intercept the signal, pair with the e-rickshaw and issue a remote shutdown command.
For most e-rickshaw operators, this digital loophole strikes at their daily bread directly. While commercial fleet drivers have the safety net of their companies, most e-rickshaw drivers are self-employed and depend only on daily fares with no breaks. A malicious vehicle freeze while in transit can instantly cancel a trip, resulting in lost revenue and damaged consumer trust.
Beyond the financial ramifications, the dangers to physical safety are great. E-rickshaws are the backbone of last-mile connectivity in India, routinely navigating extremely congested, chaotic urban intersections. If an attacker suddenly cuts the power to a vehicle attempting to merge into fast-moving traffic, the probability of a catastrophic rear-end collision skyrockets. Compounding the danger is a massive awareness gap: most drivers regard their vehicle as nothing more than a mechanical device and have no idea that a nearby smartphone could instantly kill their ignition.
Automotive cybersecurity analysts are now calling for multilayered intervention. Drivers are encouraged to download apps only from trusted sources, such as manufacturer channels, and to install over-the-air (OTA) firmware updates as soon as they become available.
Meanwhile, electric vehicle manufacturers face a heavy burden. Experts say basic Bluetooth connectivity is no longer good enough for vehicle controls. Manufacturers must immediately implement mandatory software patches that require encrypted communications and cryptographic pairing mechanisms, such as requiring the user to press a physical button on the vehicle’s dashboard to accept a new smartphone connection.
As India races towards green transport, this flaw is a stark reminder that digital infrastructure is now an integral part of road safety. Industry regulators may soon require standardised cybersecurity compliance checks for all electric vehicles before they can be cleared for public roads.
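The safeguard experts recommend, a physical button press to accept a new phone plus cryptographically authenticated commands, can be modelled on the vehicle side as follows. This is an added illustration, not code from any manufacturer or app named in the article; the class, method names, 30-second window and HMAC challenge-response scheme are assumptions, and returning the key from `pair()` stands in for delivery over an encrypted pairing channel.

```python
import hashlib
import hmac
import secrets


class VehicleController:
    """Hypothetical vehicle-side gate for companion-app commands."""
    PAIR_WINDOW_S = 30  # assumed validity of one dashboard button press

    def __init__(self):
        self.keys = {}         # device_id -> 32-byte link key
        self.nonces = {}       # device_id -> outstanding challenge
        self.button_at = None  # time of the last button press

    def press_button(self, now):
        self.button_at = now

    def pair(self, device_id, now):
        """Issue a link key only after a recent physical button press."""
        pressed = self.button_at
        if pressed is None or not 0 <= now - pressed <= self.PAIR_WINDOW_S:
            return None
        self.button_at = None  # one press authorises exactly one pairing
        self.keys[device_id] = secrets.token_bytes(32)
        return self.keys[device_id]

    def challenge(self, device_id):
        """Hand a fresh nonce to a paired device; unknown devices get nothing."""
        if device_id not in self.keys:
            return None
        self.nonces[device_id] = secrets.token_bytes(16)
        return self.nonces[device_id]

    def execute(self, device_id, command, tag):
        """Accept a command only with a valid MAC over the single-use nonce."""
        nonce = self.nonces.pop(device_id, None)  # consumed even on failure
        key = self.keys.get(device_id)
        if nonce is None or key is None:
            return False
        return hmac.compare_digest(sign(key, nonce, command), tag)


def sign(key, nonce, command):
    """Phone-side helper: MAC binding the command to the vehicle's nonce."""
    return hmac.new(key, nonce + command.encode(), hashlib.sha256).digest()
```
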
