The BAT-BMS app, developed by Shenzhen Grenergy Technology, functions as a companion tool for Bluetooth-enabled lithium-ion batteries. It allows users to monitor critical parameters including voltage, current, temperature, charging cycles, and overall battery health. Additionally, it provides controls for battery discharge functions.
However, many e-rickshaws and electric two-wheelers operating in India reportedly use battery management systems shipped without adequate password protection or still running on factory-default credentials. This vulnerability enables anyone within Bluetooth range — typically 10 to 15 metres — to potentially pair with the battery without authorisation and, in some cases, disconnect power remotely.
The Ministry took prompt cognisance of the viral videos and initiated steps to restrict public access to the application. Beyond immediate removal, the government is also examining the broader cybersecurity implications of such weaknesses in connected battery systems used in electric vehicles. Officials are assessing the need for additional safeguards to protect users and strengthen the ecosystem for electric mobility in India.
Delhi Transport Minister Pankaj Singh acknowledged that while no formal written complaint had been received by the department, the issue had been highlighted by members of the public. According to reports, the Transport Department has been tasked with verifying the authenticity of the BAT-BMS application and thoroughly examining the claims regarding its misuse.
This development underscores the growing intersection between consumer technology, electric vehicle adoption, and cybersecurity challenges in India. As the country pushes aggressively toward electric mobility to reduce emissions and dependence on fossil fuels, ensuring the security of vehicle components like battery systems has become a critical priority for policymakers and regulators.
The BAT-BMS controversy highlights how seemingly innocuous companion apps can introduce significant risks when paired with inadequately secured hardware. Industry experts suggest that manufacturers need to implement stronger default security protocols, including mandatory password changes and improved authentication mechanisms for Bluetooth-enabled devices.
For e-rickshaw operators and passengers, the incidents serve as a wake-up call about the importance of digital security in everyday mobility solutions. Many drivers rely on these affordable electric vehicles for their livelihood, making the potential for remote interference not just a technical issue but one with real human and economic consequences.
The government’s proactive response reflects a commitment to safeguarding public interest while fostering innovation in the electric vehicle sector. As investigations continue and further safeguards are evaluated, stakeholders across the EV ecosystem — from manufacturers to app developers and end-users — will need to collaborate on robust security standards.
This episode may also prompt a wider review of similar applications and connected devices in the Indian market. With electric two-wheelers and three-wheelers gaining popularity, securing the entire value chain from battery production to software integration will be essential for building long-term consumer trust and ensuring safe, sustainable urban mobility.