Jul 05, 2026

  • Add News

E-rickshaws being hacked in the middle of the road from mobile? Read the full story of the BAT-BMS controversy and EV cybersecurity

Initially, the whole controversy revolved around the Chinese battery management app BAT-BMS, but as the matter progressed, it became clear that it was not a matter of any one app. The real question is the cyber security of India's fast-growing electric vehicle i.e. EV ecosystem. The real question is whether the digital security of EVs is as strong as the pace at which EVs are being adopted in the country? Let's understand this whole story from the beginning.

What has the government done so far?

S Krishnan also said that the app stores themselves will have to take precautions and the government will negotiate with Google and Apple to ensure that such harmful apps are not available again in the future. Along with this, the government is now also investigating the big picture behind this whole incident i.e. the cyber vulnerabilities of the battery system.

First of all, understand what BMS is?

To understand this whole story, it is important to first understand the BMS. Inside each lithium-ion battery is a small electronic control system called the Battery Management System (BMS).

If you consider the battery to be a human body, then the BMS is his brain. This decides how much the battery will be charged, how much will be discharged and what is the temperature of which cell. The app also checks if the battery is overheating and there is no risk of short circuit. Overall, the BMS's job is to ensure that the battery runs safely.

Nowadays many modern BMSs also have a Bluetooth module. With the help of this, complete information about the battery can be seen through the mobile app. Service engineers and authorized dealers check the health of the battery with this app. Some BMS also offer the option to turn the battery on or off for safety reasons. The real controversy started here, which was created to make the feature servicing easier, now it is being feared to be misused.

viral video show?

In many of the videos, the driver looked upset. Someone had to push a rickshaw in the middle of the road, while someone's day's earnings stopped. Some people made it a kind of prank and in some parts of North India, it was also given a name like Terry Control. In many of the videos, the battery was even restarted after the recording, only to capture the driver's reaction on camera.

These videos created an impression in the minds of the common people that any person can switch off any e-rickshaw from mobile anytime. Is it really so? This is where we need to stop and think.

can every e-rickshaw really be discontinued

The only threat is on the few Bluetooth-enabled lithium batteries that such common apps can connect to. They are also at risk if the BMS does not have a strong password or authentication. That is, the picture that the viral video is presenting does not apply to every vehicle. This is also important because it can prevent unnecessary panic.

BAT-BMS controversy start and what is this app?

viral video, an app named BAT-BMS first came into the limelight. It is an app created by the Chinese company Shenzhen Granergy Technology and was originally designed for monitoring and servicing lithium-ion batteries with Bluetooth.

Then how did the story take a new twist?

Initially, it was believed that the problem was only in the BAT-BMS and the matter would be over as soon as it was removed. Some tests also showed that the app was asking for a password before turning off the battery. The real turning point came when a second battery management app was tried. That app also connected to the same compatible battery and started shutting it down.

The government has also now removed two apps: BAT-BMS and Epoch Li-ion. This made one thing very clear that if the hardware of the battery is not safe, then just removing an app will not completely eliminate the problem. Another compatible app may try to connect to the same weak battery. This is the point where the matter goes beyond the realm of one app and becomes a question of cybersecurity of the entire EV system.

Technically, where is the real weakness?

That's the most important part of this whole controversy. The problem is more in the BMS than in any one app, whose security is weak. The danger lies where the battery's Bluetooth is open and there is no strong password in it. Many times, the default password of the factory is never changed and the same continues. Somewhere the authentication system is weak and somewhere the firmware is not secure enough.  

Is it hacking?

Technical experts say that it would not be correct to call every case hacking. If a system is open without a password and someone misuses its official control feature, then it is not traditional cyber hacking, but a security

From a legal point of view, entering and controlling someone else's system without permission can be criminalized. The police action in Ujjain indicates that it cannot be dismissed as a joke.

Read also: How does the BAT-BMS app work, will it also shut down electric bikes and cars?

e-rickshaw drivers?

For drivers, it's not just a technical issue, but a straightforward livelihood issue. Most e-rickshaw drivers hire vehicles, so even a day's loss is very heavy for them. If the e-rickshaw stops in the middle of the road, the passengers get off, the fare is not received and the vehicle has to be pushed. This gets the whole day's earnings stuck.

In a case reported from Delhi, a driver's rickshaw was parked at one place since morning and he lost his day's earnings of about four hundred to five hundred rupees. Later, a person present at the spot connected to his app and restarted his rickshaw. Dealers say that such complaints have increased in the last few days and many vehicles have reached the workshop for inspection.

Is just deleting the app the solution?

The answer of the experts is clear that no. Even if BAT-BMS is removed, but another app can connect to the same vulnerable hardware, the problem will persist. This is the reason why the debate became even bigger after the emergence of other apps like Epoch Li-ion. In such a situation, the real solution is not to remove the app, but to strengthen the protection of the battery and BMS from the root. Unless the hardware is secure, apps will keep coming and going and threatening.

Read also: How does the BAT-BMS app work, will it also shut down electric bikes and cars?

What reforms should be made?

Cybersecurity experts are giving many suggestions on this. First of all, a unique password should be mandatory for every BMS and the factory's default password should be changed in the first use. The Bluetooth connection must be encrypted and only authorized devices can connect to the battery.

These three things will keep everyone's eyes on

  • The first is what the government's investigation reveals and how many batteries are really affected?
  • Second, what policy do Google and Apple adopt next regarding such apps?
  • Thirdly, does India implement any separate cybersecurity rules for EV batteries and battery management systems?

Biggest Question

BAT-BMS controversy initially raised questions about just one app, but after the emergence of other apps like Epoch Li-ion, the debate has deepened. Now it is not just a matter of one Chinese app. The real question is, as fast as the adoption of electric vehicles in India, is their digital security being built as strongly? If the answer is no, then this controversy can also become the beginning of new cyber security rules for the country's EV industry in the coming time and this is perhaps the biggest lesson of this whole matter.

Also read: Action against apps that shut down e-rickshaws, deleted two


RSS News
ABP Live

0 thoughts on “E-rickshaws being hacked in the middle of the road from mobile? Read the full story of the BAT-BMS controversy and EV cybersecurity

Leave a Reply

Your email address will not be published. Required fields are marked *

We use cookies to ensure that we give you the best experience on our website. By continuing to browse our site we'll assume that you understand this. Learn more