📊 Key Data
  • 7 apps removed by Google & Apple from stores due to security risks.
  • <1% NPA rate for BatteryPool, vs. industry double-digit defaults.
  • 90% of batteries use India-made BMS hardware.
🎯 Expert Consensus

Experts agree that while regulatory action was necessary, the root cause lies in systemic design flaws, and proactive security-by-design solutions like BatteryPool's are critical for future EV safety.

5 days ago
Digital Hijacks on Indian Roads: How a FinTech Fix Became an EV Lifesaver

Digital Hijacks on Indian Roads: How a FinTech Fix Became an EV Lifesaver

PUNE, India – July 14, 2026

For a few terrifying weeks, a digital ghost haunted the bustling streets of several Indian cities. E-rickshaw drivers, navigating dense traffic with passengers onboard, found their vehicles suddenly and inexplicably dead, the electric motors silent. Videos of these mid-ride shutdowns, orchestrated by individuals using simple smartphone apps, went viral. What started as dangerous “pranks” quickly revealed a gaping wound in the security of India's burgeoning electric vehicle ecosystem, with some incidents reportedly linked to extortion. The fallout was immediate: drivers lost a day's wages, passengers were put at risk, and a chilling question emerged. As vehicles become computers on wheels, who truly holds the keys?

This rash of digital hijackings exposed a systemic vulnerability in the very heart of the vehicles: the Battery Management System (BMS). In the race to connect everything, security had become a casualty. Now, as regulators scramble to patch the problem, one startup is highlighting a solution that was, remarkably, born from a completely different challenge: finance.

A Systemic Flaw Exposed

The root of the crisis wasn't a sophisticated cyberattack but a startlingly simple design flaw. Many low-cost EV batteries, particularly in the three-wheeler segment, utilize Bluetooth-enabled BMS to allow for diagnostics and control. However, cybersecurity experts point out that these systems were often deployed with default passwords or no password protection at all. This oversight turned every vulnerable e-rickshaw into a target. Anyone with a specific app within a 10-15 meter radius could connect to the battery and issue a “discharge off” command, effectively cutting the power.

India's Ministry of Electronics and Information Technology (MeitY) responded by ordering Google and Apple to remove at least seven apps, including BAT-BMS, Epoch Li-ion, and Lossigy, from their app stores. While a necessary first step, industry insiders argue it’s like treating a symptom without curing the disease. The apps themselves were not inherently malicious; they were tools that exposed a fundamental weakness in the hardware's design philosophy.

“The issue is not the app, it’s the system design,” noted one certified ethical hacker in a recent media interview. The incidents serve as a stark reminder of the dangers of prioritizing convenience over security in the Internet of Things (IoT) era. When a digital vulnerability can cause a physical, kinetic event on a public road, the stakes are infinitely higher than a hacked social media account. The e-rickshaw shutdowns are a case study in the escalating risks of cyber-physical security.

Security by Design, Not by Afterthought

In response to the crisis, Pune-based deeptech-fintech startup BatteryPool has stepped forward, not with a patch, but with an architecture that makes such remote attacks impossible by design. The company’s core principle is simple yet powerful: battery control functions should be physically locked to the charging environment, never accessible while the vehicle is in motion.

“Connected batteries must be treated as digital assets,” said Ashwin Shankar, Founder of BatteryPool. “Recent BMS-related incidents underscore that battery security is now integral to battery safety. At BatteryPool, we made a deliberate design choice—control should occur during charging, not by interrupting discharge while a vehicle is in motion.”

Instead of relying on vulnerable, open Bluetooth channels, BatteryPool’s control layer is built on encrypted firmware embedded within both the BMS and the charger. The two components communicate exclusively through a proprietary, encrypted handshake over the vehicle’s internal Controller Area Network (CAN) bus—a closed, wired system. There is no wireless surface for an outside app to find or pair with, completely eliminating the attack vector exploited in the recent incidents. This approach creates a secure, closed-loop ecosystem where the battery will only function with authorized charging infrastructure.

An Accidental Safety Breakthrough

Perhaps the most compelling part of this story is that BatteryPool’s robust security wasn't initially designed to prevent roadside hijacking. It was created to solve a financial problem. The company’s business model revolves around offering EV batteries on a sachet-style, pay-as-you-earn basis, de-risking the high upfront cost for commercial drivers and their financiers.

To enforce this pay-per-use model without relying on trust, the company needed a foolproof way to manage the battery asset. A driver who misses a payment could find their battery won't accept a charge until the account is settled—a control function that is only executed safely and securely at the charging station.

“Our architecture is built to ensure that battery control remains secure, restricted, and anchored to the charging environment,” Shankar explained. “This handshake was built roughly 1.5 years ago, originally to enforce our sachet-style EMI payment model for drivers... Solving that payment problem at the hardware-firmware level is what ended up solving a safety problem nobody had asked us to solve yet.”

This intersection of fintech and hardware engineering has produced a powerful strategic advantage. By securing the asset, BatteryPool also secures the loan. The company reports Non-Performing Asset (NPA) rates of less than 1% in an industry where double-digit defaults are common. Furthermore, their controlled charging protocols lead to better battery health, with assets retaining roughly 85% of their value years beyond standard OEM warranties. For financing partners, this transforms a high-risk asset into a reliable, predictable investment.

The Case for a Sovereign and Secure Supply Chain

The recent security failures have also cast a spotlight on the EV industry’s supply chain. Several of the problematic apps and underlying BMS components are of foreign origin, raising questions about oversight and national resilience. BatteryPool’s approach offers a compelling counter-narrative. A full 90% of its batteries run on India-made BMS hardware.

This commitment to indigenous manufacturing is more than just a nod to the 'Make in India' initiative; it's a strategic imperative. A domestic supply chain allows for greater control over security protocols, faster response to emerging threats, and the development of a technology ecosystem tailored to India’s unique market conditions. As India accelerates its ambitious EV transition, ensuring the security and reliability of its critical infrastructure is paramount.

The e-rickshaw hacking incidents were a wake-up call, demonstrating that in the 21st century, vehicle safety is as much about cybersecurity as it is about seatbelts and airbags. Proactive, hardware-integrated solutions that treat security as a foundational requirement, not an optional extra, will be essential to building trust and ensuring that India's electric dreams don't turn into a public safety nightmare.

Topics & Related

Sector:
Automotive
Fintech
Theme:
Clean Energy Transition
Threat Landscape
Event:
Compliance Action
Metric:
Default Rate
Product:
Battery Storage
Electric Vehicles

📝 This article is still being updated

Are you a relevant expert who could contribute your opinion or insights to this article? We'd love to hear from you. We will give you full credit for your contribution.

Contribute Your Expertise →
UAID: 42754