In recent days, social media platforms have been flooded with viral videos that have caused significant concern among electric vehicle owners, particularly e-rickshaw drivers. These videos demonstrate a mobile application being used to remotely shut down the batteries of e-rickshaws while they're in operation. The application identified in these incidents is known as BAT-BMS, and its sudden notoriety has led to widespread questions regarding the security of electric bikes and scooters across the country.
Understanding the BAT-BMS Application
The BAT-BMS app is a utility tool developed by a Chinese firm named Shenzhen Grenergy Technology. This company specializes in the production of lithium batteries and related technologies for various sectors, including electric vehicles, solar energy systems, and marine applications. The app is readily available for download on both the Google Play Store and the Apple App Store, and it is designed primarily as a monitoring tool for battery health.
The legitimate purpose of the BAT-BMS app is to allow users to keep a close eye on their battery's performance. It provides real-time data on several critical parameters such as voltage levels, internal temperature, charging status, and other technical diagnostics. However, a specific feature within the app allows for the control of the battery's power output, enabling a user to switch the power on or off. It's this specific functionality that's reportedly being misused by unauthorized individuals to disrupt the operation of vehicles without the owner's permission.
Why E-Rickshaws are the Primary Targets
The vulnerability exploited by the BAT-BMS app isn't universal to all electric vehicles. It specifically affects those equipped with Bluetooth-enabled lithium-ion batteries where the Battery Management System (BMS) lacks solid security protocols. Many e-rickshaws currently in use rely on smart lithium batteries that have been installed without changing the default security settings. In many cases, these systems don't have an active password, PIN, or any form of digital authentication enabled.
When a vehicle's BMS is left unprotected, any person with the BAT-BMS app installed on their smartphone can attempt to connect to the battery if they're within the Bluetooth signal range. This range is typically estimated to be between 10 and 15 meters. Once a connection is established without the requirement of a PIN, the unauthorized user gains access to the control interface and can trigger the power-off command, causing the vehicle to stop abruptly and leaving the driver stranded.
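The missing control described above, sketched as an added example (not code from BAT-BMS, Shenzhen Grenergy Technology, or any real BMS firmware): an unprotected command handler beside one that refuses the power switch until the Bluetooth session has logged in with a non-default PIN. The command names, PIN length, default PIN and retry limit are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical command set and names; this is not the BAT-BMS protocol. */
enum bms_cmd { CMD_READ_TELEMETRY, CMD_SET_OUTPUT };
enum bms_result { BMS_OK, BMS_DENIED, BMS_LOCKED };
#define PIN_LEN 6
#define DEFAULT_PIN "000000" /* constructed factory default */
#define MAX_FAILS 3

struct bms { char pin[PIN_LEN + 1]; bool output_on; };
struct session { bool authed; int fails; }; /* one per Bluetooth link */

/* Behaviour the article describes: any connected client may cut power. */
enum bms_result handle_unprotected(struct bms *b, enum bms_cmd c, bool on) {
    if (c == CMD_SET_OUTPUT) b->output_on = on;
    return BMS_OK;
}

/* Compare every digit regardless of where a mismatch occurs (constant time). */
static bool pin_equal(const char *a, const char *b) {
    uint8_t diff = 0;
    for (size_t i = 0; i < PIN_LEN; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Login fails closed: the default PIN never unlocks, and guesses are capped. */
enum bms_result bms_login(const struct bms *b, struct session *s, const char *pin) {
    if (s->fails >= MAX_FAILS) return BMS_LOCKED;
    bool ok = pin && strlen(pin) == PIN_LEN && pin_equal(pin, b->pin)
              && !pin_equal(b->pin, DEFAULT_PIN);
    if (!ok) { s->fails++; return BMS_DENIED; }
    s->authed = true;
    return BMS_OK;
}

/* Hardened dispatcher: telemetry stays readable, control needs a login. */
enum bms_result handle_hardened(struct bms *b, const struct session *s,
                                enum bms_cmd c, bool on) {
    if (c == CMD_READ_TELEMETRY) return BMS_OK;
    if (!s->authed) return BMS_DENIED;
    b->output_on = on;
    return BMS_OK;
}
```

In this sketch the failure counter lives in the session, so a production design would also need to keep it across reconnects for the retry limit to hold.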
Potential Risks for Electric Scooters and Bikes
The concern has naturally shifted to whether electric scooters and bikes are also at risk. The answer depends heavily on the specific components used in the vehicle. If an electric bike or scooter uses a battery pack from Shenzhen Grenergy Technology or a similar manufacturer that utilizes a Bluetooth-based BMS without adequate security, it could potentially be shut down using the app. This scenario is more likely to occur with certain low-speed models or vehicles from local brands that may prioritize cost over advanced digital security features.
For such vulnerable vehicles, the risk remains confined to the 10 to 15 meter Bluetooth range. If the battery's BMS is compatible with the app and lacks a secure access code, an external user could theoretically interfere with the vehicle's power supply, leading to safety concerns for the rider. However, this isn't a universal threat to all electric two-wheelers.
Security Measures of Major EV Brands
Owners of electric vehicles from major established brands like Ola, Ather, TVS, and Bajaj have less reason for concern. These manufacturers typically don't use off-the-shelf, unsecured battery management systems. Instead, they employ customized and highly secure BMS architectures designed to prevent unauthorized access. These systems incorporate multiple layers of security, including digital authentication, data encryption, and owner verification processes.
In these high-end electric two-wheelers, Bluetooth connectivity and mobile app access are strictly tied to the owner's verified account and specific device. This makes it virtually impossible for a third-party application like BAT-BMS to gain control over the battery or the vehicle's power systems. While no electronic system is entirely immune to risks, the design and regular software updates provided by these major brands ensure a high level of protection against the kind of unauthorized interference seen in the viral videos.
