Chinese App BAT-BMS Lets Strangers Switch Off E-Rickshaws via Bluetooth, Netizens Raise Security Concerns

A series of viral videos claiming that people can stop moving e-rickshaws using nothing more than a smartphone has sparked fresh concerns about the security of electric vehicles in India. The clips, widely shared on X, suggest that a mobile application called BAT-BMS can connect to nearby battery-powered three-wheelers and switch them off while they are moving on the road.
Hero Image


The videos have left many social media users worried, but the reality is far more nuanced than the claims circulating online.


What Is the BAT-BMS App?

The BAT-BMS app is a legitimate application developed by Chinese company Shenzhen Grenergy Technology. It is a Battery Management System (BMS) monitoring app designed to help users monitor Bluetooth-enabled lithium batteries.


The app provides important battery information, including charge level, voltage, current, temperature, battery cycle life, and the health of individual battery cells. It also allows users to manage charging and discharging functions on compatible battery systems.


Why Has the BAT-BMS App Become Controversial?

The growing concern is not about the BAT-BMS app itself but about how it is reportedly being misused.


According to explanations shared by Grok with several X users, some low-cost lithium battery packs used in Indian e-rickshaws are equipped with Bluetooth-enabled Battery Management System (BMS) units that have weak or no password protection. If these batteries are left unsecured, anyone within Bluetooth range, typically around 10 to 15 metres, may be able to connect to the battery and disable its discharge function.

Since the discharge function supplies power to the vehicle's motor, turning it off can immediately bring the e-rickshaw to a halt.


What Do the Viral Videos Show?

This weakness is exactly what many of the viral prank videos appear to demonstrate.

In several clips shared online, e-rickshaw drivers suddenly lose power while driving in traffic. This leaves the vehicles stranded on the road and creates a potential safety risk for both the drivers and other commuters.


The videos have fuelled widespread concern, but experts say they should not be interpreted as proof that every electric vehicle can be controlled in this way.


Can BAT-BMS Connect to Every Electric Vehicle?

The simple answer is no.

There is no evidence that the BAT-BMS app can connect to every electric vehicle. The application only works with batteries equipped with a compatible Bluetooth-enabled Battery Management System.

Many e-rickshaws in India still use traditional lead-acid batteries, which do not support Bluetooth connectivity. Even among lithium-powered vehicles, many manufacturers rely on proprietary battery management systems that work only with their own dedicated applications instead of BAT-BMS.

In such cases, the BAT-BMS app cannot communicate with the battery at all.



Why the Viral Claims Are Misleading

The BAT-BMS app also does not automatically detect or take control of every nearby electric vehicle.

For a connection to be established, the battery must support Bluetooth Low Energy (BLE), actively broadcast its presence, and be compatible with the BAT-BMS platform. Without these requirements, the app cannot access or control the battery.

This means the viral claims suggesting that anyone can instantly switch off any nearby e-rickshaw using a smartphone are misleading. Only vehicles fitted with compatible Bluetooth-enabled battery systems that lack proper security are potentially vulnerable.


Cybersecurity Concerns for India's Electric Mobility Sector

Although the viral claims have been exaggerated, the incident has highlighted an important cybersecurity issue for India's rapidly growing electric mobility industry.

The concern is not about advanced hacking techniques but about weak security settings on certain battery management systems. According to Grok's explanation, several inexpensive Bluetooth-enabled BMS units are shipped with weak authentication or no password protection at all.