
Anyone Could Stop Electric Rickshaws in India With a Phone App (No Password Needed)
A security flaw lets strangers control electric rickshaws remotely without any login. This shows why connected vehicles need better security.
Source
Graham Cluley
Original headline: Smashing Security podcast #476: Remote-control rickshaws and rogue book marketers
Plain-English summary by GetCyberRight. Read the full report at the source above.
An app used in India to manage electric rickshaws has a serious security problem. Anyone with a smartphone can use it to stop any e-rickshaw remotely, with no password, login, or permission required.
This means a stranger could stop someone's vehicle while they are riding in it. The flaw highlights dangers that come with connecting vehicles to the internet without proper security measures. This directly affects people in India who ride in or operate electric rickshaws.
Stay one step ahead of scammers
Weekly cybersecurity briefings for families. No spam, just the threats that matter and what to do about them.
If you use these vehicles, someone could potentially stop your ride without warning. The broader lesson applies to anyone who uses connected vehicles, smart cars, or ride sharing services anywhere in the world. As more vehicles connect to apps and the internet, security flaws like this could affect many types of transportation.
If you are in India and use e-rickshaws, take these steps:
- Be aware that your vehicle could be stopped remotely and have backup transportation options.
- Report any suspicious stops to the rickshaw company and local authorities.
- Ask your rickshaw service provider what security measures protect their vehicles. For everyone else:
- Before using any connected vehicle service, research whether the company has experienced security problems.
- Choose services from established companies with better security track records when possible. This incident is part of a larger pattern where convenience features get added to products without adequate security testing. Whether it's vehicles, home devices, or apps, connected technology should require strong passwords and proper access controls. When choosing smart devices or connected services, consider the security reputation of the company. Ask questions about how your data and control systems are protected before trusting new technology.
Curated from trusted cybersecurity sources by GetCyberRight
Source: Graham CluleyStay ahead of cyber threats
Get our free weekly digest. Real threats, plain language, what to do about them. No spam, ever.
More articles
Fairlife Dairy Attack Shows Why Critical Systems Need Better Protection
A ransomware attack halted all Fairlife dairy production. The real problem: critical production systems were connected to business networks they should never touch.
3 min readRansomware Attack Shuts Down Major US Dairy Producer Fairlife
A ransomware attack on Coca-Cola's Fairlife dairy stopped all US production, showing how cyberattacks now halt real-world operations, not just lock files.
3 min readFairlife Ransomware Attack Shows How Hackers Can Disrupt Your Groceries
A cyberattack on Coca-Cola's Fairlife dairy company halted all U.S. production, revealing how ransomware now threatens the everyday products families depend on.
4 min readWhy Encryption Won't Stop Ransomware: The Fairlife Attack Explained
Coca-Cola's Fairlife ransomware attack reveals a dangerous myth: encryption alone won't protect you if attackers have valid login credentials.
3 min read