
5 min readNew DelhiUpdated: Jul 3, 2026 04:43 PM IST
Many e-rickshaws continue to use lead-acid batteries, while several lithium-powered vehicles rely on proprietary battery management systems that cannot be accessed through applications like BAT-BMS. Photo: Unsplash
The government Friday directed Apple and Google to take down at least three apps over reports of them being misused to remotely switch off some e-rickshaws amid cybersecurity concerns and passenger safety risks.
The move follows the circulation of videos on social media showing individuals connecting to nearby e-rickshaws through Bluetooth and disabling their battery management systems or BMS while the vehicles were in motion. The apps that have been directed to be blocked include BAT-BMS, Lossigy, and Epoch Li-ion. At least a couple of them are of Chinese-origin.
What is a BMS?
A battery management system (BMS) essentially tracks the state of a battery, with the primary aim of eliminating variations in performance of individual battery cells to allow them to work uniformly inside a battery pack. This system is incorporated in an electric vehicle (EV) powered with a large-capacity lithium ion battery, and plays a key role in extending the battery’s service life and ensuring its safe use.
The top vendors of these systems include Texas Instruments, NXP Semiconductors, Analog Devices, Infineon Technologies, LG Chem, Panasonic, and Renesas Electronics. Chinese battery makers such as CATL and BYD are also big players in this space, alongside a host of smaller companies that cater to the unorganised segment.
Automotive is the largest segment for BMS with a 50% market share that is primarily driven by EV battery management and hybrid vehicle energy optimisation. Energy accounts for 20%, with grid-scale battery storage and renewable energy integration, where companies such as Navitas Systems and Nuvation Energy are among the big players.
The BMS ‘hack’
The BAT-BMS app was originally developed by China’s Shenzhen Grenergy Technology as a legitimate battery management tool for Bluetooth-enabled lithium-ion batteries. The idea of having a Bluetooth connection point is to enable vehicles with these batteries to connect to the device remotely through an app and monitor the parameters of the battery on a real time basis.
The app allows users to monitor a battery’s state of charge, voltage, current, temperature, charging cycles, and overall health. The application also enables compatible users to control charging and discharging functions, making it useful for battery diagnostics and maintenance.
Story continues below this ad
According to its Play Store listing, the app can connect wirelessly to batteries over Bluetooth Low Energy within an operating range of around 15 metres. Such apps are typically designed to be used at service centres for battery-related diagnostics.
The primary concern, however, lies with the security configuration of some BMS used in low-cost EVs. The apps in question could connect to the BMS within a limited range, and be used to cut battery power, bringing the vehicle to a sudden halt.
This was primarily a problem in electric e-rickshaws, which use low-cost Chinese-made BMS without adequate password protection or default credentials. As a result, anyone standing within Bluetooth range may be able to pair with the battery using compatible applications such as BAT-BMS and disable the battery’s discharge function. Since the discharge circuit supplies power to the motor, switching it off can immediately immobilise the vehicle.
Weak security settings
Sources said that this is not a sophisticated hacking attack but rather the exploitation of weak security settings on connected battery systems. The app itself does not automatically gain control over every electric vehicle. It only works with batteries that support compatible Bluetooth-enabled BMS hardware.
Story continues below this ad
Many e-rickshaws continue to use lead-acid batteries, while several lithium-powered vehicles rely on proprietary battery management systems that cannot be accessed through applications like BAT-BMS.
The problem with some of the low-cost Chinese lithium battery packs used in most e-rickshaws is that they come with Bluetooth-enabled BMS units that have little or no password protection. If such a battery is not adequately secured, anyone standing within Bluetooth range can potentially connect to it and they manipulate the settings, including turning off the battery’s discharge function. Since the discharge function supplies power to the motor, disabling it can immediately stop the vehicle.
One safeguard here is to ensure that a password is mandatorily incorporated when the BMS app is activated, so that there is one layer of security instituted in the Bluetooth connection process.
© The Indian Express Pvt Ltd
Soumyarendra Barik is a Special Correspondent with The Indian Express, specializing in the complex and evolving intersection of technology, policy, and society. With over five years of newsroom experience, he is a key voice in documenting how digital transformations impact the daily lives of Indian citizens.
Expertise & Focus Areas Barik’s reporting delves into the regulatory and human aspects of the tech world. His core areas of focus include:
The Gig Economy: He extensively covers the rights and working conditions of gig workers in India.
Tech Policy & Regulation: Analysis of policy interventions that impact Big Tech companies and the broader digital ecosystem.
Digital Rights: Reporting on data privacy, internet freedom, and India's prevalent digital divide.
Authoritativeness & On-Ground Reporting: Barik is known for his immersive and data-driven approach to journalism. A notable example of his commitment to authentic storytelling involves him tailing a food delivery worker for over 12 hours. This investigative piece quantified the meager earnings and physical toll involved in the profession, providing a verified, ground-level perspective often missing in tech reporting.
Personal Interests Outside of the newsroom, Soumyarendra is a self-confessed nerd about horology (watches), follows Formula 1 racing closely, and is an avid football fan.
Find all stories by Soumyarendra Barik here. ... Read More
Anil Sasi is the National Business Editor at The Indian Express, where he steers the newspaper’s coverage of the Indian economy, corporate affairs, and financial policy. As a senior editor, he plays a pivotal role in shaping the narrative around India's business landscape.
Professional Experience Sasi brings extensive experience from some of India’s most respected financial dailies. Prior to his leadership role at The Indian Express, he worked with:
The Hindu Business Line
Business Standard
His career trajectory across these premier publications demonstrates a consistent track record of rigorous financial reporting and editorial oversight.
Expertise & Focus With a deep understanding of market dynamics and policy interventions, Sasi writes authoritatively on:
Macroeconomics: Analysis of fiscal policy, budgets, and economic trends.
Corporate Affairs: In-depth coverage of India's major industries and corporate governance.
Business Policy: The intersection of government regulation and private enterprise.
Education Anil Sasi is an alumnus of the prestigious Delhi University, providing a strong academic foundation to his journalistic work.
Find all stories by Anil Sasi here ... Read More
Tags:
Explained Sci-Tech
Express Explained
View original source — Indian Express ↗



