The Off Switch: Viral Videos Expose BAT-BMS App Glitch That Disables Moving E-Rickshaws

The CSR Journal Magazine

A series of viral videos have emerged, suggesting that a mobile application named BAT-BMS can be used to deactivate electric rickshaws while they are in motion. This has sparked significant concern regarding the security of electric vehicles in India. Users on various social media platforms, particularly X, have shared alarming clips demonstrating the app’s purported capabilities.

The BAT-BMS application, developed by the Chinese firm Shenzhen Grenergy Technology Co., Ltd., is indeed legitimate and serves a specific function. It is a Battery Management System (BMS) app intended for monitoring Bluetooth-enabled lithium batteries. Users can access data on battery charge, voltage, current, temperature, cycle life, and individual cell health, along with functions for managing charging and discharging.

Concerns About Misuse of the App

The primary worry regarding BAT-BMS lies not in its intended functionality but in the reported misuse of the software. Experts have noted that some inexpensive lithium battery packs in select Indian e-rickshaws are equipped with Bluetooth-enabled BMS units lacking adequate password protection. This vulnerability allows anyone within a Bluetooth range of approximately 10 to 15 metres to potentially connect to these batteries and disable their discharge functionality.

Disabling the discharge function halts power supply to the vehicle’s motor, resulting in sudden loss of power while driving. This has led to several instances where drivers find themselves stranded amid traffic conditions, posing a safety risk not only to themselves but also to other road users.

However, it is crucial to clarify that not every e-rickshaw is susceptible to control by the BAT-BMS app. The application is only compatible with batteries that have a Bluetooth-enabled BMS. Many vehicles still utilise traditional lead-acid batteries, which do not support the app’s functionality. Additionally, numerous lithium-powered e-rickshaws employ proprietary systems requiring dedicated applications for management.

Cybersecurity Implications and Recommendations

This situation has brought to the forefront significant cybersecurity concerns within the expanding electric mobility sector. The core issue pertains to inadequate security measures rather than sophisticated hacking techniques. According to experts, many low-cost Bluetooth-enabled BMS units are dispatched without robust authentication protocols or password protection.

The misuse demonstrated in the viral content capitalises on this security flaw, enabling individuals within range to access controls meant for the battery’s owner. Although the application was designed to facilitate battery management, its efficacy is compromised when the underlying hardware lacks essential security features.

Cybersecurity professionals have long advocated for the implementation of more stringent pairing mechanisms, encryption, and user authentication in connected battery systems to safeguard against unauthorised access. As the industry continues to focus on connectivity, enhancing the security of battery communications is paramount.

Drivers with Bluetooth-enabled lithium batteries are encouraged to enable strong passwords, if supported, and to refrain from leaving their batteries available for unrestricted Bluetooth connections. Notably, it has been observed that the BAT-BMS app is currently unavailable on Apple’s App Store, though similar applications remain accessible. Nevertheless, the original BAT-BMS app can still be found on Google Play Store.

Long or Short, get news the way you like. No ads. No redirections. Download Newspin and Stay Alert, The CSR Journal Mobile app, for fast, crisp, clean updates!

App Store –  https://apps.apple.com/in/app/newspin/id6746449540 

Google Play Store – https://play.google.com/store/apps/details?id=com.inventifweb.newspin&pcampaignid=web_share

Latest News

Popular Videos