MeitY orders removal of BAT-BMS app over e-rickshaw battery hack risk
Synopsis
Key Takeaways
The Ministry of Electronics and Information Technology (MeitY) has directed Google Play Store and Apple App Store to remove the BAT-BMS mobile application, developed by Chinese firm Shenzhen Grenergy Technology, after videos circulated on social media allegedly showing the app being used to remotely shut down e-rickshaw battery systems while the vehicles were in motion, sources said on Friday, 3 July.
What the Videos Showed
The viral footage reportedly depicted individuals using the BAT-BMS app to connect to nearby e-rickshaws via Bluetooth and switch off their battery management systems (BMS) remotely — with passengers on board. The incidents raised immediate concerns over passenger safety and the vulnerability of connected battery systems in low-cost electric vehicles.
MeitY took cognisance of the matter after the videos spread widely and has moved to restrict public access to the application, according to sources.
How the Vulnerability Works
The BAT-BMS app functions as a companion tool for Bluetooth-enabled lithium-ion batteries, allowing users to monitor voltage, current, temperature, charging cycles, and battery health, as well as control discharge functions remotely.
The core security gap lies in how many e-rickshaws and electric two-wheelers sold in India are fitted with battery management systems that either ship without password protection or continue to run on factory-default credentials. This means anyone within Bluetooth range — typically 10 to 15 metres — can pair with the battery without the owner's knowledge and, in some cases, cut power entirely.
Delhi Transport Department Responds
Delhi Transport Minister Pankaj Singh reportedly acknowledged that the issue had been brought to his notice by members of the public, though he noted that no formal written complaint had been received by the department. He indicated that the Transport Department has been directed to verify the authenticity of the BAT-BMS application and examine the claims surrounding its alleged misuse.
Broader Cybersecurity Implications
Beyond the immediate app takedown, the government is reportedly examining the wider cybersecurity implications of such vulnerabilities across connected battery systems used in electric vehicles. Officials are assessing what additional safeguards may be required to secure BMS units that communicate over open Bluetooth protocols.
Notably, this episode surfaces a systemic gap in India's fast-expanding electric vehicle ecosystem — one where hardware security standards for low-cost EVs have not kept pace with rapid adoption. With millions of e-rickshaws and electric two-wheelers on Indian roads, the scale of potential exposure is significant. Further regulatory action on BMS security standards is expected as the review progresses.