How a Battery ‘Hacking’ App Can Strand an E-Rickshaw
Why in News:
Recently, The Government of India has directed Apple and Google to remove Battery Management System (BMS) applications (BAT-BMS, Lossigy, and Epoch Li-ion) after videos on social media showed individuals remotely disabling Bluetooth-enabled e-rickshaws while they were in motion.
-
-
- Authorities have also warned that deliberately disabling vehicles using such applications may constitute a computer-related offence under the Information Technology Act, 2000, attracting fines and imprisonment of up to three years. The incident has raised concerns about passenger safety, cybersecurity, and the security standards of battery systems used in low-cost electric vehicles (EVs).
- Authorities have also warned that deliberately disabling vehicles using such applications may constitute a computer-related offence under the Information Technology Act, 2000, attracting fines and imprisonment of up to three years. The incident has raised concerns about passenger safety, cybersecurity, and the security standards of battery systems used in low-cost electric vehicles (EVs).
-
What is a Battery Management System (BMS)?
A Battery Management System (BMS) is an electronic control unit that monitors and manages rechargeable batteries, particularly lithium-ion batteries used in EVs. It tracks battery voltage, current, temperature, charging cycles, and overall health. The BMS balances battery cells, prevents overcharging and overheating, extends battery life, and ensures safe operation of electric vehicles.
How the "Hack" Works:
The incident is not a sophisticated cyberattack but an exploitation of weak or non-existent security configurations in certain battery systems.
-
-
- Legitimate Utility: The BAT-BMS app was originally developed by a Chinese technology company to help users monitor battery voltage, temperature, charging status, and battery health.
- Open Bluetooth Scanning: Many low-cost lithium battery packs lack password protection or continue to use default credentials. Anyone within Bluetooth range (around 15 metres) can detect and connect to the battery using the app.
- Flipping the Kill Switch: Once paired, the app provides administrative controls, including the option to disable the battery's discharge function.
- Instant Vehicle Stalling: Since the discharge circuit supplies electricity to the motor, disabling it immediately cuts power, bringing the e-rickshaw to a halt.
- Legitimate Utility: The BAT-BMS app was originally developed by a Chinese technology company to help users monitor battery voltage, temperature, charging status, and battery health.
-
Impact and Road Safety Risks:
Although portrayed as a prank on social media, the consequences are serious:
-
-
- Loss of Livelihood: Drivers may be forced to push their vehicles for long distances or spend money on repairs, resulting in loss of daily income.
- Road Safety Hazard: Sudden stoppage of an e-rickshaw in moving traffic can lead to rear-end collisions or even overturning of the vehicle.
- Limited Scope: The vulnerability affects only certain Bluetooth-enabled lithium battery packs with weak security. Lead-acid batteries and premium EVs generally use encrypted, password-protected BMS that are not susceptible to this exploit.
- Loss of Livelihood: Drivers may be forced to push their vehicles for long distances or spend money on repairs, resulting in loss of daily income.
-
Conclusion:
As India rapidly expands its electric mobility ecosystem, cybersecurity must become an integral part of EV safety. Secure Battery Management Systems, stronger regulatory standards, indigenous technology development, and greater consumer awareness are essential to ensure that the transition to clean transportation remains safe, reliable, and resilient against emerging digital threats.

