Can an app really switch off a moving e-rickshaw? Here is what the BAT-BMS viral videos are actually showing

HIGHLIGHTS

Videos claiming the BAT-BMS app can remotely stop any e-rickshaw are misleading

The real vulnerability is not the app itself but poor security hygiene

E-rickshaws using lead-acid batteries, proprietary BMS systems or password-protected units are not affected

Videos showing a smartphone app apparently switching off moving e-rickshaws have been going viral on X, with the BAT-BMS app trending alongside hashtags. In these videos, several users on cycles, cars and two-wheelers are seen chasing e-rickshaws in an attempt to switch off their battery. The clips have alarmed many users and prompted calls to ban the app outright. The reality is more complicated and also more fixable, than the videos going viral suggests.

What is BAT-BMS app

BAT-BMS is a battery management tool developed by Shenzhen Grenergy Technology, a Chinese company. It is designed to let users wirelessly monitor Bluetooth-enabled lithium batteries, displaying information such as charge level, voltage, current, temperature, cycle count and individual cell health. It connects via Bluetooth Low Energy (BLE) and operates within a range of roughly 15 metres. The app was built primarily for solar, marine and off-grid battery systems, not vehicles. It is available on the Google Play Store but it appears to have been removed from Apple’s App Store following the viral controversy.

Why it works on some e-rickshaws

Many low-cost lithium battery packs used in Indian e-rickshaws use Chinese-made BMS units that include Bluetooth connectivity. The problem is that these units are frequently left in an open, unsecured state with no username or password set, either because dealers do not configure them at the point of sale or because the BMS was never locked by default.

When an unsecured BMS is left broadcasting its presence over Bluetooth, anyone within range can connect to it using a compatible app, including BAT-BMS. Once connected, the app’s remote cut-off function can disable the battery’s discharge output, which supplies power to the motor, stopping the vehicle.

This is not sophisticated hacking. It is exploiting a basic security misconfiguration, in this case: an open Bluetooth device with no authentication.

Who is and isn’t at risk

The viral videos make it sound as though any e-rickshaw can be stopped remotely, but that is not accurate. The vulnerability only applies to e-rickshaws that have Bluetooth-enabled lithium battery packs using a compatible BMS chipset and no password protection. The e-rickshaws running on lead-acid batteries (still common in India) are entirely unaffected and so are vehicles with lithium batteries using proprietary BMS software or any BMS that has been properly secured with a password.

Several people who tried to replicate the viral pranks reported that connecting to a moving e-rickshaw was significantly harder than the short clips made it appear, requiring the user to be close, stationary and lucky enough to find an unsecured and compatible battery.

What should actually happen

Tech content creator Abhishek Bhatnagar, who posted a detailed breakdown of the issue, has made a practical point. A rickshaw driver cannot reasonably be expected to know how to configure their battery’s Bluetooth settings. That responsibility lies with dealers and manufacturers. Dealers selling e-rickshaws fitted with Bluetooth-enabled BMS units should configure a password before handing the vehicle over. Regulatory authorities involved in vehicle registration could also make BMS password protection a requirement, similar to how telematics standards were mandated for electric vehicles in India from March 2023.

As electric vehicles become more connected, even small components like battery management systems need to be treated as security-sensitive hardware, not just monitoring tools left open by default. Disabling a vehicle’s power supply while it is in motion is a major safety risk, particularly on busy roads.

Siddharth Chauhan

Siddharth reports on gadgets, technology and you will occasionally find him testing the latest smartphones at Digit. However, his love affair with tech and futurism extends way beyond, at the intersection of technology and culture.

Connect On :