Overview
- Viral videos that circulated in early July show people using mobile apps such as BAT‑BMS to connect over Bluetooth and switch off moving e‑rickshaws, leaving drivers stranded.
- The apps are legitimate battery‑management tools made by firms including Shenzhen Grenergy, and they expose a normal 'discharge switch' function when paired with unsecured Bluetooth modules.
- Independent checks and news tests found the exploit works on certain inexpensive lithium BMS units that broadcast BLE without passwords and can be controlled from about 10–15 metres.
- The problem is limited in scope because lead‑acid batteries lack Bluetooth and many manufacturer systems use passwords or proprietary apps, yet officials in Delhi and MeitY are probing the risk while police in Ujjain have filed an FIR and made an arrest over alleged extortion.
- Short‑term fixes advised include changing default Bluetooth passwords, enabling remote‑control locks or having dealers disable unused modules, and the episode is prompting calls for minimum security standards and possible regulatory action for EV battery systems.