A smartphone application designed to monitor lithium batteries has come under government scrutiny after allegations that it is being misused to remotely disable some e-rickshaws, leaving drivers stranded, disrupting traffic and, in some cases, allegedly being used to extort money from vehicle operators.
The Delhi Transport Department has launched an inquiry into BAT-BMS and another application, Epoch Li-ion, after videos showing e-rickshaws being switched off remotely spread widely on social media. Around the same time, police in Madhya Pradesh’s Ujjain registered an FIR and arrested a suspect accused of allegedly demanding money from drivers after immobilising their vehicles using the same technology.
What is BAT-BMS?
Contrary to viral claims, BAT-BMS is not a hacking application in itself.
The application is designed to communicate with Bluetooth-enabled Battery Management Systems (BMS) fitted inside compatible lithium battery packs. Such systems allow owners and technicians to monitor battery health, charging status, voltage, temperature, current flow and other diagnostic information. The app is officially available for Android devices and is intended as a maintenance and battery management tool.
The concern is not the app’s intended purpose but the way it can allegedly be misused when paired with battery packs that lack basic Bluetooth security such as passwords or authentication.
According to reports under investigation, certain low-cost aftermarket lithium battery systems automatically accept nearby Bluetooth connections. If authentication has not been enabled, another user standing within Bluetooth range can connect to the battery management system.
Authorities are examining claims that this vulnerability has enabled people to interfere with battery settings on some e-rickshaws without the driver’s knowledge.
How does the alleged exploit work?
Investigators believe the problem lies with unsecured Battery Management Systems rather than with all electric vehicles.
Officials and experts say the alleged misuse affects only certain Bluetooth-enabled aftermarket battery packs that do not require passwords before pairing with a mobile device. Premium manufacturers and proprietary battery systems equipped with stronger security measures are generally not believed to be vulnerable to this type of access.
According to the allegations being examined by authorities, a person within roughly 10 to 15 metres can connect to an unsecured battery system and manipulate certain battery controls. In some reported cases, this allegedly caused the vehicle to stop functioning until the settings were restored.
The Delhi government is verifying these technical claims before deciding whether additional safeguards or restrictions are required.
Viral prank or criminal offence?
The issue first gained attention through social media videos that portrayed remotely disabling e-rickshaws as a prank.
However, the consequences for drivers have been far from amusing.
Content creator Amaan Siddiqui told ANI that he came across an e-rickshaw driver whose vehicle had remained stranded for hours.
“I saw a man tying up his rickshaw to another in order to move it,” Siddiqui said.
After connecting to the battery system, he claimed he restored the vehicle’s operation.
The driver allegedly told him he had rented the e-rickshaw and had lost an entire day’s income.
“He broke down and told me that he had lost an entire day of earning… What is being done by people is wrong,” Siddiqui said.
Several reports also suggest that stranded drivers have ended up paying mechanics or bystanders to restore their vehicles after assuming a mechanical fault had occurred.
Delhi begins technical probe
The Delhi Transport Department is assessing the technical risks associated with BAT-BMS and Epoch Li-ion following the viral videos.
Transport Minister Pankaj Singh and departmental officials are examining whether additional safeguards are required for Bluetooth-enabled Battery Management Systems used in parts of the capital’s electric vehicle fleet.
The investigation is expected to determine whether regulatory intervention or technical security requirements are needed to prevent misuse of unsecured battery systems.
Ujjain police investigate extortion allegations
The issue has also taken a criminal turn in Ujjain.
Police have registered an FIR and taken one person into custody after complaints that e-rickshaw operators were allegedly being forced to pay money to restart vehicles that had been remotely disabled.
Neel Ganga Police Station in-charge Tarun Kuril said the case surfaced after an e-rickshaw driver reported paying Rs 200 to a young man who claimed he could restart the vehicle.
According to Kuril, investigators later learnt that multiple drivers had reported similar incidents across the city.
Police said they are continuing their investigation into the alleged racket and are working with electric vehicle dealers to improve software security and encourage installation of authorised systems.
What does Indian law say?
Cyber law experts say that if investigators establish unauthorised access to another person’s Battery Management System, the conduct could attract provisions of the Information Technology Act, 2000.
Speaking to ANI, cyber law expert Pawan Duggal said an e-rickshaw equipped with digital systems functions as a computer resource under the law.
“Today, an e-rickshaw is not just an e-rickshaw; it’s a computer system… this is not a game; this is an offence under Section 66 read with Section 43 of the Information Technology Act 2000,” Duggal said.
Under the Information Technology Act, Section 43 deals with unauthorised access to or disruption of a computer resource and provides for civil liability. Where such acts are committed dishonestly or fraudulently, Section 66 provides for criminal punishment of up to three years’ imprisonment, a fine of up to Rs 5 lakh, or both.
Authorities have not yet announced whether these provisions will ultimately be invoked in the ongoing investigations.
As investigations continue in Delhi and Ujjain, the episode has exposed a simple but costly security flaw. For thousands of e-rickshaw drivers, a vulnerability hidden inside a battery system can mean lost income, stranded passengers and hours off the road.