Social media is flooding with viral videos showing random users remotely disabling battery rickshaws on roads using a Chinese smartphone app called BAT-BMS.
The app, developed by the Chinese company Shenzhen Grenergy Technology, allows users to track and control Bluetooth-enabled lithium batteries, sparking concerns over the cyber-safety of India’s rapidly growing EV ecosystem.
While it remains unclear how widespread the vulnerability is or how many battery models are affected, the clips have raised questions about whether some battery systems lack adequate authentication safeguards.
Several netizens criticised the use of such remotely operated apps, saying it was unnecessarily troubling the e-rickshaw (Tirri) owners. “Dangerous and unethical,” one user posted on X, commenting on the plight of tirri drivers.
What is a Battery Management System?
A Battery Management System (BMS) is an electronic control unit that acts as the “brain” of a lithium-ion battery pack. It monitors the battery voltage, temperature, charging and discharging current to ensure safe and efficient operation.
Many BMS units allow users to control the battery through Bluetooth via a smartphone app instead of using a dedicated display. The BAT-BMS application is one such utility designed for compatible lithium batteries.
According to the company’s website, the app enables users to view battery diagnostics—including charge level, voltage, temperature, cycle life and individual cell status—while also allowing certain battery functions to be managed remotely. The app connects directly to compatible batteries over Bluetooth and is intended for use by battery owners and authorised users.
Why do companies install BMS batteries in e-rickshaws?
According to Mukesh Gupta, founder of MaxVolt Energy, battery manufacturers install BMS units primarily to monitor battery health, usage patterns and charging behaviour, particularly for financed vehicles.
“It’s crucial for the company to monitor batteries, including battery life, and where and how it’s been used. A telematics system helps with this. This system can also be used to shut down the battery,” Gupta told The Lallantop.
But can everyone have remote access to the batteries? Gupta says only the company has complete access to the BMS. According to him, only the operator can monitor it. “This means they can access the battery temperature or voltage. But there’s no way to shut it down. Only the company can do that.”
Many are then wondering how the Chinese app has been able to remotely control the batteries—a feature that is now being exploited for amusement and views.
Experts weigh in
Experts say the incident should not be dismissed as a viral prank, but viewed as a warning about broader gaps in India’s cybersecurity governance for the connected mobility ecosystem.
“When something as critical as a Battery Management System can be accessed through Bluetooth without strong authentication or secure pairing, the concern is not the app alone. The real concern is that safety-critical vehicle systems are becoming connected without enough thought being given to cybersecurity,” says Anurag Singh, CEO, RAH Infotech.
The issue is particularly significant for India, where EV adoption is expanding rapidly through a fragmented ecosystem of OEMs, battery suppliers, dealers, retrofitters and imported components, Singh added.
According to Kunal Bhogal, COO, IIRIS Consulting, “Every unsecured node becomes an attack surface where a digital flaw turns into a physical safety threat on public roads. Without mandated security-by-design and manufacturer accountability, cheap connected hardware will keep scaling these risks across India’s mobility ecosystem,” he adds.
“Security cannot be left to the driver or the end user. It has to be built in at the manufacturer and supplier level through secure default settings, authenticated commands, firmware protection and regular monitoring. In connected mobility, a weak endpoint is not just a technology gap. It can quickly become a public safety risk, says Anurag.












