Dalimss News
Varanasi

Chinese App 'BAT-BMS' Remotely Disables E-Rickshaws via Bluetooth in Varanasi

By SUSHANT GAURAV7 min read
Chinese App 'BAT-BMS' Remotely Disables E-Rickshaws via Bluetooth in Varanasi

VARANASI — A concerning cybersecurity vulnerability has hit the streets of the spiritual capital, turning a viral digital trend into a nightmare for local electric rickshaw drivers. A Chinese smartphone application named BAT-BMS is at the center of this controversy, with individuals allegedly exploiting it to remotely shut down moving e-rickshaws (popularly known as tirris) via Bluetooth.

How the Bluetooth Exploit Works

The BAT-BMS application is originally designed as a legitimate utility tool by a Chinese tech firm to allow vehicle owners to monitor battery health, diagnostics, temperature, and voltage parameters. However, the app is being widely misused due to a fundamental flaw in low-cost aftermarket energy systems.

  • Weak Authentication: Many inexpensive lithium battery packs deployed in domestic e-rickshaws ship with default open Bluetooth configurations, lacking any robust password protection or secure pairing protocols.

  • The Master Cut-off: Anyone standing within a standard 10-to-15-meter Bluetooth range can open the app, automatically pair with an unencrypted battery firmware, and toggle the master "discharge" function.

  • Sudden Immobilization: Toggling this function immediately cuts off the power flow from the battery to the motor, turning off the vehicle’s digital dashboard display and stranding drivers instantly in the middle of active traffic.

Cybersecurity and Livelihood Concerns

The incident has triggered widespread anxiety regarding the cybersecurity and safety frameworks governing connected electric vehicles in India. Beyond the immediate safety hazards of stalling vehicles on congested roads, the exploit targets vulnerable gig-economy workers. Drivers who suffer these remote shutdowns lose out on their daily wages and are often forced to physically haul their disabled tirris through the streets, entirely unaware that their vehicles have been digitally compromised.

Cybersecurity experts state that this trend serves as a stark warning for the EV ecosystem. Moving forward, industry analysts are urging strict government mandates that enforce "security-by-design," making it mandatory for battery manufacturers to implement encrypted firmware, unique user authentication, and secure default passwords to eliminate such wireless hijacking.

Related Stories