Search This Blog

Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Showing posts with label Cyber Security. Show all posts

Researchers Find Claude for Chrome Flaws That Could Let Malicious Extensions Trigger Sensitive Google Tasks




Researchers at Manifold Security have disclosed two security weaknesses in Anthropic's Claude for Chrome extension that could allow another browser extension with access to the Claude website to trigger predefined AI-powered actions involving a user's Gmail, Google Docs and Google Calendar.

According to the researchers, the issues remain present in version 1.0.80 of the extension despite earlier mitigations introduced after the disclosure of the "ClaudeBleed" vulnerability. While Anthropic restricted how external webpages can communicate with the extension, Manifold says the underlying trust boundary that determines whether a user intentionally initiated an action has not been fully addressed.

The findings do not indicate that arbitrary websites can directly read a user's email or documents. Instead, the attack requires another browser extension that already has permission to execute scripts on the claude.ai domain. If such an extension is malicious or becomes compromised, it could abuse Claude's existing capabilities to initiate AI tasks that access a user's connected Google services.


Forged clicks can initiate predefined Claude actions

Following the earlier ClaudeBleed disclosure, Anthropic replaced unrestricted prompt handling with a fixed allowlist of predefined onboarding tasks. Rather than allowing external callers to submit arbitrary prompts, the extension now recognizes only nine task identifiers embedded within its code.

Among these are demonstration workflows for third-party services such as DoorDash, Salesforce and Zillow, along with tasks that interact with Gmail, Google Docs and Google Calendar. This design significantly narrows the attack surface because outside scripts can no longer provide custom instructions for Claude to execute.

However, Manifold Security found that the mechanism responsible for launching these tasks can still be manipulated.

The researchers explain that a content script running within the extension monitors the Claude webpage for clicks on a specific onboarding element. When a click occurs, the script reads the associated task identifier and forwards it to the extension, which opens Claude's side panel with the corresponding workflow prepared.

The problem lies in how those clicks are validated. Instead of confirming that the event originated from an actual user interaction, the extension accepts any matching click event, including one generated programmatically by JavaScript.

Modern browsers provide an "event.isTrusted" property that distinguishes genuine user actions from synthetic events created by scripts. According to Manifold, the extension does not verify this property before processing the request.

As a result, another extension capable of interacting with the Claude webpage can dynamically create the required element, assign one of the approved task identifiers and dispatch an artificial click event. Because the extension treats the event as legitimate, Claude opens the selected workflow as though the user had manually initiated it.

The researchers demonstrated this behavior using a short proof-of-concept script executed within the Claude page, showing that synthetic click events marked as untrusted were still accepted by the extension.


Approval settings determine the level of risk

Whether the forged action progresses beyond this point depends largely on how the extension has been configured.

For users operating under Claude's default "Ask before acting" setting, the extension still presents an approval prompt before carrying out actions involving Gmail, Google Docs or Google Calendar. This additional confirmation prevents automatic execution, although users could still unknowingly approve an attacker-triggered request.

The risk increases considerably for users who have enabled the optional "Act without asking" mode. In this configuration, the extension can perform supported tasks without requesting further confirmation, allowing attacker-triggered workflows to execute automatically.

Manifold assigned a CVSS severity score of 7.7 under the default approval model and 9.6 when unattended execution is enabled.

The researchers say a straightforward mitigation would be to reject any click event that was not generated by a genuine user, preventing scripts from activating these workflows through synthetic browser events.


Researchers identify second permission-handling concern

Manifold also disclosed a separate issue involving how the extension initializes permission settings when its side panel loads.

According to the researchers, if the panel starts with a specific URL parameter indicating that permission checks should be skipped, the extension immediately enters a mode that bypasses user approval for supported actions.

Although users receive a warning indicating that Claude now has broader authority to perform actions on their behalf, the privileged session has already been established by the time the notification appears.

The researchers emphasize that this second issue is not directly exploitable under current conditions because the parameter can presently be generated only by the extension itself. Nevertheless, they argue that any future vulnerability allowing a lower-privileged component to influence this parameter could eliminate the remaining approval barrier and enable silent execution.

Potential attack paths discussed by the researchers include future message-handling flaws, panel initialization bugs or cross-site scripting vulnerabilities that could expose the parameter to untrusted input.

To reduce that risk, Manifold recommends that the extension ignore permission-related values supplied through URLs and instead always initialize new sessions in approval mode.

The researchers classify the forged-task technique as an example of indirect prompt injection within the OWASP Top 10 for Large Language Model Applications because an attacker manipulates the AI agent into executing one of its own predefined workflows rather than supplying new instructions directly.

They also associate the unattended execution scenario with excessive agency, referring to AI systems that are granted broad authority to perform sensitive actions with minimal user oversight.

According to the report, these behaviors occur regardless of whether users are running Claude Opus, Sonnet or Fable, indicating that the weaknesses originate in the browser extension rather than the underlying language models.


Issues remain unresolved months after disclosure

Manifold Security reported both vulnerabilities to Anthropic on May 21 while testing version 1.0.72 of the extension. Anthropic acknowledged the reports the following day.

The forged-click issue was closed on the basis that it fell within the scope of the previously reported ClaudeBleed investigation, which Anthropic indicated remained open while a more comprehensive solution was being developed.

The permission-handling report was classified as informational because the relevant parameter was intended for workflows that users had already configured for unattended execution.

Despite those responses, Manifold says it found the same vulnerable code paths unchanged after examining version 1.0.80 released on July 7.

As of July 14, the researchers noted that no CVE identifier had been assigned to either issue and Anthropic had not published a public advisory addressing the findings.

The latest research follows a series of security concerns involving AI-powered browser agents.

Earlier this year, researchers disclosed ClaudeBleed, a vulnerability that allowed websites to inject prompts into Claude for Chrome by exploiting how the extension trusted requests originating from the Claude website itself rather than verifying which script generated them.

LayerX, which originally disclosed ClaudeBleed, described the issue as a classic "confused deputy" problem, where software possessing legitimate privileges unknowingly performs actions on behalf of an untrusted requester.

Security researchers have also identified comparable trust-boundary weaknesses affecting other Anthropic products, including Claude Code, demonstrating broader challenges associated with AI agents that can directly interact with browsers, developer environments and online accounts.

The latest findings reinforce the importance of carefully validating user intent before granting AI assistants access to sensitive online services. As AI-powered browser agents become increasingly capable of interacting with email, documents and productivity platforms, researchers argue that ensuring those actions genuinely originate from users remains one of the most critical security controls.

Pentagon Pauses CMMC Phase Two Rollout for 60-Day Review of Cybersecurity Program

 

The US Department of Defense (DoD) has decided to suspend the implementation of the cybersecurity maturity model certification (CMMC) second phase on a temporary basis. The DoD will conduct a 60-day review before continuing with the implementation of the new cybersecurity requirements that were supposed to take effect in November 2026. Chief information officer of the Department of War (DoW), Kirsten Davies, stated that the CMMC pause gives an opportunity to “remove burdensome requirements while still maintaining national security.” 

Davies emphasized that DoD’s phase one requirements as well as all the regulations regarding the protection of information, are still in full force until further notice. Additionally, Davies noted that the creation of the CMMC Review and Reform Task Force charged with soliciting feedback from industry constituencies ahead of any reconsideration of the program will contribute to burden reduction. 

In particular, the task force will ensure that small businesses and nontraditional contractors are not overly burdened by certification requirements, thus facilitating their participation in defense contracting. Undersecretary of War for Acquisition and Sustainment Michael Duffey stated that the DoD wants to prevent “small manufacturers from being shut out of the defense market due to the cost and complexity of the CMMC.” 

The cybersecurity maturity model certification policy sets out cybersecurity requirements for defense industrial base (DIB) companies and contractors. The CMMC 2.0 requirement is applicable to all DoD contractors and subcontractors handling Federal Contract Information (FCI) or Controlled Unclassified Information (CUI). 

The newly implemented CMMC 2.0 cybersecurity requirements came into full force on November 10, 2025, and will be implemented in phases. During phase one, which was completed on November 10, 2025, organizations had to conduct self-assessments for Level 1 and some Level 2 contract work. Level 1 of the CMMC 2.0 covers the protection of FCI and requires a minimal level of cybersecurity maturity, while Level 2 covers the protection of CUI and includes the security requirements of the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171. 

On the other hand, Level 3 includes more stringent measures to protect against advanced persistent threats to sensitive DIB information. As of November 10, 2026, the beginning of the second phase, organizations will be required to undergo third-party assessment organization (TPO) certification for many Level 2 contracts. One of the reasons for postponing the second-phase implementation, as stated by officials, is the shortage of TPOs accredited to certify organizations ahead of the November 10, 2026 deadline. 

Under the initially established schedule, the third phase of the CMMC 2.0 implementation was set to begin in 2027. It included the introduction of Level 3 requirements for organizations that handle sensitive information and will affect most DoD contracts in Fiscal Year (FY) 2028. Finally, the fourth phase was supposed to ensure complete transition to the new framework in order to meet all CMMC requirements. 

As a result of the 60-day review, DoD officials will make recommendations on revising the CMMC 2.0 in order to reduce the burden on industry while addressing warfighters’ and authorizers’ needs in terms of enhanced cybersecurity.

CrashStealer macOS Malware Uses Apple-Notarized App to Evade Security Checks



CrashStealer, a new macOS information-stealing malware named for Apple's Mac operating system, bypasses built-in security protections by using an Apple notarized application, demonstrating a growing trend of malicious actors utilizing legitimate software verification mechanisms in order to target Apple users. 

Jamf Threat Labs researchers discovered that the malware is distributed via a disk image named Werkbit.app that is signed and notarized by Apple. Due to the fact that the installer is notarized by Apple and has a valid developer ID, Gatekeeper security checks can be successfully passed by the installer, increasing user confidence and acceptance of the application.

In early May 2026, Jamf Threat Labs identified CrashStealer as a suspicious macOS sample uploaded to VirusTotal. Activated infections were detected by researchers in early July, indicating the malware had progressed from development to real-world deployment. 

Based on the timeline, the operators seem to have refined the malware before launching broader attacks on macOS. This macOS stealer is written in native C++, unlike many macOS stealers, which rely on AppleScript or Objective-C wrappers. As a result, CrashStealer is more difficult to analyze while ensuring enhanced performance. Researchers have reported that the malware validates the user's macOS login password. 

Once the password has been validated, the malware can unlock the user's login keychain and gain access to additional sensitive information. The attack chain is designed to keep the user's identity hidden. A GitHub repository is utilized by the malware to retrieve configuration data after the victim launches the installer, which is then used to download the final malicious payload. 

GitHub-hosted configurations contain instructions for downloading shell scripts that are responsible for retrieving the final malware payload from attacker-controlled infrastructure when the victim launches the installer. CrashStealer reduces its forensic footprint by decoding its contents during execution rather than storing them in plain text during execution. 

The CrashStealer application establishes persistence as a LaunchAgent, utilizes multiple anti-analysis techniques, and checks for installed security or forensic tools before harvesting data by employing multiple anti-analysis techniques. As a precaution, the malware masquerades as CrashReporter, Apple's legitimate crash reporting utility. 

By using Apple's bundle identifier, icon, and naming conventions, the malware makes malicious activity appear to be similar to legitimate system activity. This malware targets credentials stored in Chromium-based browsers as well as Mozilla Firefox, resulting in a significant increase in browsers affected. MetaMask, Phantom, Coinbase Wallet, Trust Wallet, Rabby, OKX Wallet, Exodus, Keplr, Solflare, Backpack, and MetaMask are among the many cryptocurrency wallet extensions that search for data. 

As part of the attack, CrashStealer attempts to extract information from 14 password managers, including 1Password, Bitwarden, LastPass, Dashlane, Keeper, KeePassXC, NordPass, Enpass, and RoboForm. In addition to collecting files from the user's Documents and Downloads folder, the malware compresses the data into a ZIP archive to reduce the possibility of interception. 

To protect the collected data, it is encrypted using AES-GCM before being transmitted via libcurl to an attacker-controlled server. CrashStealer is noted by researchers as encrypting each file before exfiltration, rather than protecting the entire archive. As a result of its use of industry-standard cryptographic techniques, the malware makes intercepted data significantly more difficult for defenders to analyze without the appropriate key to decrypt. 

Researchers at Jamf observed that the malware incorporates code obfuscation, encrypted strings, control-flow flattening, and layered anti-debugging techniques into its data exfiltration mechanism, making it significantly more resilient than typical information commodity thieves.

Investigators also discovered additional domains and operator infrastructure linked to the campaign, including a password-protected management panel that is believed to be used by the attackers. It has been demonstrated that CrashStealer is not a standalone malware sample, but is part of a coordinated operation. 

Researchers believe CrashStealer exemplifies a growing trend in macOS malware, demonstrating the combination of trusted software signing, multiple stages of delivery, sophisticated anti-analysis techniques, and strong encryption to make it more difficult to detect. Furthermore, the campaign emphasizes the growing tendency of attackers to exploit legitimate Apple security mechanisms for malicious delivery, reinforcing the need for users to verify software sources even when applications pass Gatekeeper checks. 

In CrashStealer, cybercriminals demonstrate the increasing use of trusted security mechanisms to avoid detection and compromise macOS systems by exploiting trusted security mechanisms to evade detection. Increasingly sophisticated methods of delivery and stronger encryption are being adopted by attackers; therefore, organizations and users need to remain vigilant by ensuring that they download software only from trusted sources, monitoring unusual activity, and updating their security solutions.

GoDaddy Challenges Indian Court Order Over Domain Privacy and Internet Governance Rules

 

A legal battle in India over online fraud could have major implications for privacy and regulation of the internet around the globe, as domain name registrar Go Daddy takes exception to a Delhi High Court ruling that would impose severe restrictions on domain registration, privacy, and trademark protection. 

The ruling comes in response to an uptick in cyber fraud in India. Government figures from last year show that authorities received 2.4 million fraud complaints, resulting in $2.4 billion in losses. In recent years, Amazon, McDonald’s, Microsoft, and other companies have taken legal action against fake websites that misled consumers into giving away personal information or making purchases. Last December, the Delhi High Court ordered removal of more than 1,100 fraudulent websites. 

With that, the court issued additional directives concerning the management of domain names and registrars. These mandates include forbidding registrars from offering privacy protection services by default, disclosing private domain owner information to third parties upon request if that party can demonstrate a “legitimate interest,” and prohibiting domain name registrations that use trademarks of others. Go Daddy argues in a petition to a larger bench of the Delhi High Court that those measures go significantly beyond what’s needed to combat fraud. 

The company believes such restrictions, if applied consistently, would disrupt internet governance worldwide. Go Daddy also objects to the requirement that domain ownership information be disclosed to anybody demonstrating a “legitimate interest.” The company argues in its petition that the language could prove too broad and that domain registrars shouldn’t be tasked with reviewing requests for domain owner information and deciding whether they meet a “legitimate interest” standard. The firm says the language could create “significant legal and operational challenges.” 

The company raises additional concerns about the order’s potential impact on international domain name sales, arguing that because the global internet isn’t bound by one jurisdiction, requiring local registrars to follow the kind of rules set out in the December ruling would, in essence, require them to follow Indian law for all international transactions. 

Go Daddy further argues that the privacy restrictions could run contrary to India’s data protection laws as well as the European Union’s General Data Protection Regulation (GDPR). By mandating that privacy protections be revoked by default for domain owners, India’s data laws and the GDPR would instead be weakened. 

Many internet governance experts believe the ruling places India at risk of negatively impacting citizens, particularly journalists, activists, bloggers, and small businesses, and that it fails to consider tactics bad actors will use to exploit weaknesses in the domain system. Other domain name registrars have raised similar objections to the December ruling, including Namecheap and Hosting Concepts. 

These companies expect that the ruling will spark similar actions in other jurisdictions. Delhi High Court is set to hear the challenges on July 16, with implications for the future of internet governance and fraud prevention measures yet to be determined.

How the Apple Copy-Paste Scam Can Give Attackers Remote Access to Your Mac

 


Apple users are being urged to exercise caution when following troubleshooting instructions found online after cybersecurity experts underlined a growing social engineering tactic that tricks victims into pasting malicious commands into the macOS Terminal application. Rather than exploiting a flaw in macOS itself, the scam relies on convincing users to voluntarily execute commands that can install malware, grant attackers remote access, or expose sensitive information stored on their devices.

Often referred to as a "copy-paste" scam, the technique targets users unfamiliar with Terminal, a command-line interface included with macOS that enables direct interaction with the operating system through text-based commands. While the application is commonly used by developers, system administrators and advanced users to automate tasks or manage system settings, executing unfamiliar commands without understanding their function can introduce significant security risks.

Unlike traditional malware campaigns that exploit software vulnerabilities, this attack depends almost entirely on social engineering. Cybercriminals impersonate trusted sources or create convincing troubleshooting scenarios to persuade victims that running a Terminal command is necessary to fix a technical issue, improve security or restore system performance. Once executed, however, the command may download malicious software, establish remote access, alter security settings or perform other unauthorized actions without the user's awareness.

Depending on the instructions provided, attackers could gain access to documents, photographs, emails, browser data, financial information, saved credentials and contact lists stored on the Mac. Some malicious scripts may also deploy keylogging software capable of recording everything a victim types, including usernames, passwords and other confidential information. In more severe cases, attackers could install ransomware or persistence mechanisms that allow them to retain access to the compromised system even after a restart.

Security researchers note that the scam can begin through multiple channels. Victims may receive phishing emails or text messages containing the malicious command, encounter it in online discussion forums disguised as a legitimate solution, or visit fraudulent websites presenting it as an official troubleshooting step. Attackers have also been observed posing as technical support representatives over the phone, carefully instructing victims to open Terminal and manually type commands under the pretense of resolving an issue.

The rise of generative artificial intelligence has introduced another avenue for abuse. Threat actors may intentionally publish malicious commands across public websites and discussion platforms in an effort to influence AI-powered assistants through a technique known as indirect prompt injection. If an AI system retrieves or references poisoned content while responding to a user's troubleshooting request, it could inadvertently recommend unsafe commands. Although AI tools continue to improve their safeguards, cybersecurity experts advise users to independently verify any command before executing it on their systems.

The attack typically follows a similar pattern. After directing a user to open the Terminal application located within the Utilities folder inside Applications, the attacker provides one or more commands and claims they are required to diagnose, repair or secure the computer. In reality, those commands may download remote administration tools, retrieve additional payloads from external servers, modify system configurations or provide unauthorized access to the attacker's infrastructure.

Because the attack depends on user participation rather than exploiting a software flaw, many victims may not immediately recognize they are being targeted. Individuals unfamiliar with Terminal often have little reason to question commands presented by someone claiming to represent Apple, a software vendor or a technical support service. Similarly, users searching online for solutions may encounter malicious instructions embedded within forum posts or copied across multiple websites, making them appear credible.

To help reduce the effectiveness of these attacks, Apple introduced additional safeguards in recent versions of macOS. When users who do not regularly work in Terminal attempt to paste commands copied from websites, messaging platforms, email applications or chatbots, the operating system may interrupt the action with a warning indicating that the pasted content could contain malware or compromise privacy. Rather than automatically executing the command, the prompt encourages users to reconsider before proceeding.

Apple has also expanded malware detection capabilities within Terminal. If the operating system identifies known malicious content or scripts, it can block execution and notify the user that the pasted command has been prevented because it poses a security risk. These protections are designed to slow down impulsive actions and reduce the likelihood of users unknowingly compromising their own systems.

Cybersecurity professionals emphasize that no security warning should replace careful judgment. Users should never execute Terminal commands they do not fully understand, regardless of whether the instructions originate from an email, text message, online forum, chatbot or unsolicited phone call. Requests accompanied by pressure tactics or claims that immediate action is required should be treated with particular suspicion, as creating a false sense of urgency remains one of the most common techniques used in phishing campaigns.

Experts also caution against assuming that information found on public forums or generated by AI assistants is inherently trustworthy. Malicious instructions can spread rapidly across the internet and may be reproduced by multiple sources, giving them an appearance of legitimacy. Verifying guidance through official Apple documentation or other trusted security resources before executing any command remains one of the most effective ways to avoid becoming a victim of Terminal-based social engineering attacks.

Zimbra Urges Immediate Update to Fix Critical Classic Web Client XSS Vulnerability

 

Zimbra has released a security update to address a critical vulnerability in the Zimbra Classic Web Client that could allow malicious actors to compromise user accounts and execute unauthorized code. The company recommends that customers install the latest update to mitigate the threat. The flaw is a stored cross-site scripting (XSS) vulnerability that could allow an unauthenticated attacker to execute malicious JavaScript in the browser of a user viewing a specially crafted email message. 

The problem exists in the Classic Web Client component of Zimbra Collaboration Suite. While no CVE identifier has been assigned yet, Zimbra warned that successful exploitation of the vulnerability would lead to the exposure of mailbox content and settings, as well as session details. A stored XSS vulnerability occurs when the application stores user-supplied input without proper sanitization and later displays it to other users. 

In this case, an attacker could utilize this flaw to deliver specially crafted email messages that would execute arbitrary JavaScript code in the browser of a user who opens this message in the Zimbra Classic Web Client. The malicious script would then steal the victim’s session and potentially access their mailbox content, modify account settings, or perform other actions. While Zimbra has not reported any confirmed attacks using this vulnerability, several similar XSS flaws in the Zimbra Collaboration Suite have been actively exploited in the past. 

Attackers have targeted the webmail platform multiple times to hijack the accounts of high-profile organizations, including the Brazilian military, with no success, according to Zimbra. Previously exploited flaws affecting the product are CVE-2025-27915, CVE-2023-37580, and CVE-2024-27443. Therefore, organizations must ensure they have applied the latest security update to address the newly discovered vulnerability. 

The Zimbra Collaboration Suite 10.1.19 release notes mention the fix for the stored XSS in the Classic Web Client. Users must always access the updated version of the webmail platform via HTTPS to avoid man-in-the-middle attacks and other threats. Moreover, security analysts recommend monitoring the email traffic for any signs of suspicious activity and reviewing account access logs for unauthorized changes. 

Users must not open any attachments or links in emails that seem suspicious as these may contain malicious scripts that target webmail clients. Organizations must ensure they apply all security updates to their collaboration platforms as they provide critical protection against potential threats. 

In this case, the newly discovered vulnerability is yet another reminder of the importance of timely software updates. Attackers will continue targeting collaboration platforms such as Zimbra webmail to compromise user accounts by exploiting flaws such as XSS.

India Orders Telegram to Crack Down on Pirated Movies and OTT Content, Seeks Compliance Report

 

Ministry of Information and Broadcasting (MIB) has directed the messaging platform Telegram to take down the pirated films, OTT content and other audio-visual material uploaded on it. It also called upon the company to put in place measures to actively detect, report, disable and remove such unauthorized content from its platform instead of waiting for the government to notify it of alleged violations. 

As per the ministry's direction, the company was also asked to provide the details regarding steps taken by it against repeat offenders of copyright infringement on its platform like channels, groups, bots, admins, users and other entities. As per the notice sent by the ministry, the company was also asked to provide the details about its grievance redressal mechanism for film producers, OTT platforms, broadcasters, and law enforcement agencies concerning copyright infringements. 

At the same time, Telegram was also asked to suggest the steps it has taken to prevent, detect and remove the unauthorized copyrighted content. The ministry clarified that with the directions issued, there is an attempt to move to the next level in taking action against copyright infringement on online platforms. It emphasized that apart from responding to individual complaints, the onus is upon the companies to put in place robust systems to proactively prevent and detect such violations. 

The government has already taken down over 3,000 Telegram channels for hosting and distributing pirated content. However, it is felt that the step taken so far by blocking channels one by one is not an effective approach and the companies need to move to the next level. The ministry reminded Telegram that it was obliged to comply with the requirements of the Information Technology Act, 2000 and Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 concerning its responsibility as an intermediary platform. 

It observed that due diligence by the companies so that they are not host to any unlawful activities on their platforms cannot be left to the authorities to identify the channels hosting unlawful content. The ministry drew attention to the fact that violation of copyright laws in India is not only a civil wrong but also a punishable offence under Copyright Act, 1957 and Cinematograph Act, 1952. 

Therefore, continued availability of unauthorized content on Telegram, lack of adequate response as expected by the ministry, and failure to address the issues raised by it may trigger further regulatory actions. The latest initiative by the ministry reflects its commitment to protecting and promoting India's creator economy and the content ecosystem. 

It may be noted that the government has taken several steps to ensure that the rights of filmmakers, broadcasters, OTT platforms, producers, distributors and other content creators are protected against online piracy. By asking the online intermediaries to take more responsibility, the government is encouraging them to adopt better moderation practices in order to prevent the unlawful use of content on their platforms.

Centre Plans New Cybersecurity Norms for Electric Two- and Three-Wheelers to Address Battery Tampering Risks

 

The Central government is preparing to introduce new cybersecurity measures aimed at preventing unauthorised tampering with the batteries of electric two-wheelers and three-wheelers. The proposed regulations are expected to mandate stronger software security standards for electric scooters and e-rickshaws, including fully imported models, which have so far operated with limited cybersecurity oversight.

As part of the initiative, authorities are also considering banning mobile applications that can be used to exploit vulnerabilities in electric vehicles equipped with imported Chinese batteries. 

Officials from the Ministry of Heavy Industries and the Ministry of Electronics and Information Technology have reportedly held discussions on addressing these security concerns.

"The software security vulnerability will be plugged," a senior official told ET, adding downloads of mobile apps that can disturb e2w and e3w are expected to be curbed.

According to officials, the decision to restrict such software stems from the difficulty of individually fixing every electric two-wheeler and three-wheeler already in circulation. The software reportedly takes advantage of weaknesses in battery troubleshooting systems, enabling unauthorised users to interfere with vehicle operations.

Another official said electric rickshaws and low-speed electric scooters were initially permitted to encourage wider adoption of electric mobility. However, this also resulted in a significant influx of low-cost imported electric vehicles from China.

"A call has been taken to ensure more safety and software safeguards in new e2w and e3w sold in the country," the official said, adding roadworthy certificates will be issued only to new vehicle models that are free from such vulnerabilities.

The upcoming regulations are also expected to cover completely imported electric vehicles sold in India, ensuring they comply with the same cybersecurity and software safety requirements as locally manufactured models.