Centre acts against BAT-BMS app, asks app stores to remove it over e-rickshaw security concerns

Authorities in Delhi and Ujjain are investigating allegations that unsecured Bluetooth-enabled battery systems in some e-rickshaws have been exploited to remotely disable vehicles, disrupting drivers' livelihoods.


The Centre on Friday moved to block public access to the BAT-BMS mobile application after reports emerged that it could be misused to remotely interfere with the battery systems of e-rickshaws. The Ministry of Electronics and Information Technology (MeitY) said the application has been removed from major app stores while authorities examine the wider cybersecurity risks linked to connected electric vehicle batteries.

The action follows the circulation of videos on social media that allegedly showed individuals connecting to nearby e-rickshaws through Bluetooth using the BAT-BMS app and switching off battery systems while the vehicles were in motion. The reports triggered concerns over passenger safety and the security of battery management systems used in low-cost electric vehicles.

Speaking on Friday, MeitY Secretary S Krishnan said two applications that recently came to the government’s notice had already been taken down.

“There are a couple of apps which came up to our notice yesterday. Both of them have been taken down from the app stores,” Krishnan said while responding to a question on applications allegedly linked to e-rickshaw-related fraud.

He said app stores must exercise greater due diligence before allowing applications on their platforms.

“The idea is that this is due care that the app stores have to exercise and we will take it up with the app stores to see that possibly damaging apps do not come up,” he said.

Why the BAT-BMS app came under scrutiny

According to sources, MeitY directed the Google Play Store and Apple App Store to remove the Chinese BAT-BMS application after taking cognisance of the videos that went viral online.

The app, developed by Shenzhen Grenergy Technology, is designed to work with Bluetooth-enabled lithium-ion batteries. It allows users to monitor battery voltage, current, temperature, charging cycles and battery health. It also provides controls for battery discharge functions.

Officials are now examining whether vulnerabilities in such battery management systems could be exploited more widely. The government is also assessing additional safeguards for connected battery systems used in electric vehicles.

Default battery settings raise security concerns

Many battery management systems used in e-rickshaws and electric two-wheelers are supplied without password protection or continue to operate using factory-default credentials.

According to the sources, this can allow anyone within Bluetooth range, typically around 10 to 15 metres, to pair with the battery system without the owner’s knowledge. In some cases, it could also enable remote disconnection of power.