MeitY orders removal of BAT-BMS app over e-rickshaw battery hack risk

Share:
Audio Loading voice…
MeitY orders removal of BAT-BMS app over e-rickshaw battery hack risk

Synopsis

A Chinese app designed to monitor lithium-ion batteries has been directed for removal from Indian app stores after videos allegedly showed it being weaponised to cut e-rickshaw power mid-ride. The incident has exposed a glaring security gap: millions of low-cost EVs on Indian roads use battery systems with no password protection, making them remotely accessible to anyone within Bluetooth range.

Key Takeaways

MeitY has directed Google Play Store and Apple App Store to remove the BAT-BMS app, developed by Shenzhen Grenergy Technology .
Viral videos allegedly showed the app being used to remotely shut off e-rickshaw batteries via Bluetooth while passengers were on board.
Many e-rickshaws and electric two-wheelers in India use battery systems with no password protection or factory-default credentials, leaving them open to pairing by anyone within 10–15 metres .
Delhi Transport Minister Pankaj Singh has directed the Transport Department to verify the app's authenticity and examine the claims.
The government is assessing broader cybersecurity safeguards for connected battery systems across the electric vehicle sector.

The Ministry of Electronics and Information Technology (MeitY) has directed Google Play Store and Apple App Store to remove the BAT-BMS mobile application, developed by Chinese firm Shenzhen Grenergy Technology, after videos circulated on social media allegedly showing the app being used to remotely shut down e-rickshaw battery systems while the vehicles were in motion, sources said on Friday, 3 July.

What the Videos Showed

The viral footage reportedly depicted individuals using the BAT-BMS app to connect to nearby e-rickshaws via Bluetooth and switch off their battery management systems (BMS) remotely — with passengers on board. The incidents raised immediate concerns over passenger safety and the vulnerability of connected battery systems in low-cost electric vehicles.

MeitY took cognisance of the matter after the videos spread widely and has moved to restrict public access to the application, according to sources.

How the Vulnerability Works

The BAT-BMS app functions as a companion tool for Bluetooth-enabled lithium-ion batteries, allowing users to monitor voltage, current, temperature, charging cycles, and battery health, as well as control discharge functions remotely.

The core security gap lies in how many e-rickshaws and electric two-wheelers sold in India are fitted with battery management systems that either ship without password protection or continue to run on factory-default credentials. This means anyone within Bluetooth range — typically 10 to 15 metres — can pair with the battery without the owner's knowledge and, in some cases, cut power entirely.

Delhi Transport Department Responds

Delhi Transport Minister Pankaj Singh reportedly acknowledged that the issue had been brought to his notice by members of the public, though he noted that no formal written complaint had been received by the department. He indicated that the Transport Department has been directed to verify the authenticity of the BAT-BMS application and examine the claims surrounding its alleged misuse.

Broader Cybersecurity Implications

Beyond the immediate app takedown, the government is reportedly examining the wider cybersecurity implications of such vulnerabilities across connected battery systems used in electric vehicles. Officials are assessing what additional safeguards may be required to secure BMS units that communicate over open Bluetooth protocols.

Notably, this episode surfaces a systemic gap in India's fast-expanding electric vehicle ecosystem — one where hardware security standards for low-cost EVs have not kept pace with rapid adoption. With millions of e-rickshaws and electric two-wheelers on Indian roads, the scale of potential exposure is significant. Further regulatory action on BMS security standards is expected as the review progresses.

Point of View

A known industry shortcut that regulators never mandated against. Removing the app addresses the symptom; the vulnerability in the hardware remains. Until the Bureau of Indian Standards or MeitY mandates minimum Bluetooth security requirements for BMS units — including mandatory authentication and encrypted pairing — the attack surface stays wide open, regardless of which app is on the store.
NationPress
3 Jul 2026

Frequently Asked Questions

Why has the BAT-BMS app been ordered removed from Indian app stores?
MeitY directed Google Play Store and Apple App Store to remove the BAT-BMS app after videos circulated on social media allegedly showing it being used to remotely cut the battery power of e-rickshaws via Bluetooth while passengers were on board. The ministry acted on public safety and cybersecurity grounds.
What is the BAT-BMS app and who made it?
BAT-BMS is a companion mobile application developed by Chinese firm Shenzhen Grenergy Technology for Bluetooth-enabled lithium-ion batteries. It allows users to monitor battery parameters — including voltage, current, temperature, and charging cycles — and to control discharge functions remotely.
How can the app be used to disrupt an e-rickshaw?
Many e-rickshaws in India use battery management systems that ship without password protection or retain factory-default credentials. Anyone within Bluetooth range — roughly 10 to 15 metres — can pair with the battery using the app without the owner's knowledge and, in some cases, remotely disconnect the power supply.
What has the Delhi government said about the BAT-BMS issue?
Delhi Transport Minister Pankaj Singh reportedly said the issue was brought to his notice by members of the public, though no formal written complaint had been received. He directed the Transport Department to verify the app's authenticity and examine the claims about its alleged misuse.
What further action is the government considering?
Beyond the app removal, the government is reportedly examining the broader cybersecurity implications of open Bluetooth vulnerabilities in connected battery systems used across India's electric vehicle sector, with officials assessing what additional safeguards may need to be mandated.
Nation Press
The Trail

Connected Dots

Tracing the thread behind this story — newest first.

8 Dots
  1. Latest 2 weeks ago
  2. 2 weeks ago
  3. 2 weeks ago
  4. 1 month ago
  5. 6 months ago
  6. 9 months ago
  7. 1 year ago
  8. 1 year ago
Google Prefer NP
On Google