How Are Notorious Pranksters Using a Viral Chinese App to Stop E-Rickshaws Mid-Way? TraceX Labs Issues Nationwide BMS Security Advisory
A wave of viral videos circulating across social media has triggered nationwide concern after pranksters were seen using a Bluetooth-enabled mobile application known as BAT-BMS to interfere with Battery Management Systems (BMS) installed in electric vehicles, particularly commercial e-rickshaws.
The videos, widely shared across platforms including X, Instagram, Facebook, and YouTube, allegedly show individuals connecting to nearby battery systems through Bluetooth and remotely disabling the battery discharge function, causing moving e-rickshaws to suddenly stop on public roads.
The incidents have sparked serious discussions among e-rickshaw drivers, battery manufacturers, cybersecurity researchers, fleet operators, and government agencies over the growing cybersecurity risks associated with connected Battery Management Systems.
Viral Videos Show E-Rickshaws Stopping Mid-Road
Several videos show pranksters following moving e-rickshaws before opening the BAT-BMS mobile application and selecting nearby Bluetooth-enabled battery systems.
In many clips, the pranksters activate the application’s “Discharge Switch”, after which the e-rickshaw unexpectedly loses power and comes to a halt.
One widely circulated video shows an elderly driver forced to push his disabled vehicle for several kilometers after the battery was allegedly disconnected through the application. Another video reportedly captures members of the public confronting an individual accused of using the app to disrupt nearby vehicles.
While many social media users initially viewed the videos as harmless pranks, cybersecurity experts warn that intentionally interfering with moving electric vehicles could create significant public safety risks.
What Is the BAT-BMS Application?

BAT-BMS is a Bluetooth-enabled battery monitoring application designed to communicate with compatible Battery Management Systems (BMS). The software is intended for battery diagnostics, monitoring, maintenance, and configuration by authorized owners or technicians.
The application itself is not malware.
Instead, cybersecurity researchers explain that the underlying issue lies in the security configuration of certain Battery Management Systems that expose Bluetooth functionality without sufficient authentication.
Where insecure configurations exist, nearby users may be able to pair with the battery using compatible applications if Bluetooth remains publicly discoverable and protected only by factory-default credentials—or, in some cases, by no authentication at all.
The issue therefore affects only vulnerable Battery Management Systems and should not be interpreted as impacting every electric vehicle or battery manufacturer.
TraceX Labs Releases Comprehensive Cybersecurity Advisory
Following the viral incidents, cybersecurity research organization TraceX Labs has published a detailed technical advisory titled:
Unauthorized Over-the-Air Disruption of EV Battery Management Systems (BMS) via Unauthenticated Bluetooth Low Energy (BLE) Controls
Prepared by the TraceX Labs IoT Security Research Team, the report provides a technical assessment of the Bluetooth vulnerabilities observed in certain Battery Management Systems and offers immediate mitigation guidance for manufacturers, battery assemblers, service providers, fleet operators, regulators, and vehicle owners.
According to TraceX Labs, the reported incidents are not examples of internet-based remote hacking but rather involve local Bluetooth Low Energy (BLE) communication between a nearby smartphone and a vulnerable Battery Management System.
The organization emphasizes that successful interaction depends entirely on the specific battery hardware, firmware implementation, and Bluetooth security configuration.
Technical Weaknesses Identified
According to the advisory, vulnerable Battery Management Systems may exhibit one or more of the following security weaknesses:
- Missing authentication before executing critical Bluetooth commands
- Factory-default Bluetooth PINs or publicly documented credentials
- Bluetooth interfaces remaining permanently discoverable
- Lack of access control lists or trusted-device whitelisting
- Open write permissions allowing unauthorized battery control functions
If these weaknesses are present, a nearby Bluetooth-enabled smartphone running a compatible diagnostic application may be capable of communicating with the Battery Management System without authorization.
Potential Impact on India’s EV Ecosystem
Battery Management Systems serve as the electronic control center for lithium-ion battery packs by monitoring voltage, balancing cells, managing charging and discharging, and protecting batteries against unsafe operating conditions.
TraceX Labs warns that insecure Bluetooth implementations could potentially lead to:
- Unexpected vehicle shutdowns
- Increased road safety risks
- Disruptions to commercial e-rickshaw services
- Financial losses for drivers and fleet operators
- Reduced consumer confidence in connected electric mobility technologies
The advisory notes that India’s rapidly expanding electric mobility sector—combined with the widespread deployment of low-cost imported Bluetooth-enabled battery systems—makes cybersecurity an increasingly important consideration throughout the EV supply chain.
Immediate Security Recommendations
TraceX Labs recommends that battery manufacturers, service centers, fleet operators, and vehicle owners immediately review the Bluetooth security settings of deployed Battery Management Systems.
The advisory recommends:
- Replacing factory-default Bluetooth passwords with strong unique credentials
- Disabling Bluetooth advertising when wireless monitoring is unnecessary
- Restricting Bluetooth pairing to trusted devices only
- Installing manufacturer-issued firmware updates wherever available
- Performing regular security assessments of deployed Battery Management Systems
- Temporarily disconnecting external Bluetooth communication modules where secure configuration is unavailable
The report further advises that any hardware modifications should only be carried out by qualified technicians following appropriate electrical safety procedures.
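A fleet operator or service center can turn the weaknesses and immediate recommendations above into a repeatable configuration review. The following is an added example, not code from TraceX Labs or from the advisory; the record schema, the control names, the default-PIN list, and the sample fleet are all constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

@dataclass
class BmsBleConfig:
    """BLE settings of one BMS unit, as recorded during a bench inspection (hypothetical schema)."""
    unit_id: str
    pin: Optional[str]                 # pairing PIN; None means no authentication at all
    always_advertising: bool           # BLE interface permanently discoverable
    trusted_devices: List[str] = field(default_factory=list)
    # control function -> True if a write needs an authenticated, encrypted link
    protected_writes: Dict[str, bool] = field(default_factory=dict)

# Constructed stand-ins for factory-default PINs; use the vendor's documented defaults.
DEFAULT_PINS = {"000000", "123456", "1234"}

def audit(cfg: BmsBleConfig) -> List[str]:
    """Map one unit's settings to the advisory's weakness categories."""
    findings = []
    if cfg.pin is None:
        findings.append("missing-authentication")
    elif cfg.pin in DEFAULT_PINS:
        findings.append("factory-default-pin")
    if cfg.always_advertising:
        findings.append("permanently-discoverable")
    if not cfg.trusted_devices:
        findings.append("no-trusted-device-list")
    findings += [f"open-write:{name}" for name, ok in sorted(cfg.protected_writes.items()) if not ok]
    return findings

def is_critical(findings: List[str]) -> bool:
    """Critical: weak or absent authentication AND an unprotected discharge control."""
    weak_auth = bool({"missing-authentication", "factory-default-pin"} & set(findings))
    return weak_auth and "open-write:discharge_switch" in findings

def triage(fleet: List[BmsBleConfig]) -> List[tuple]:
    """Return (unit_id, critical, findings) for units with findings, critical units first."""
    rows = [(c.unit_id, is_critical(f), f) for c in fleet for f in [audit(c)] if f]
    return sorted(rows, key=lambda r: (not r[1], -len(r[2]), r[0]))

# Constructed sample inventory (not real devices).
FLEET = [
    BmsBleConfig("rick-014", "123456", True, [], {"discharge_switch": False, "charge_switch": False}),
    BmsBleConfig("rick-022", "730518", False, ["phone-a"], {"discharge_switch": True}),
    BmsBleConfig("rick-031", None, True, [], {"discharge_switch": False}),
    BmsBleConfig("rick-040", "905127", True, ["phone-b"], {"discharge_switch": True}),
]

if __name__ == "__main__":
    for unit_id, critical, findings in triage(FLEET):
        print(f"{unit_id}: {'CRITICAL' if critical else 'review'} -> {', '.join(findings)}")
```

Units flagged critical are the ones to reconfigure or have their external Bluetooth module disconnected first; units with only a discoverability finding can follow in the regular review cycle.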
Long-Term Industry Recommendations
Beyond immediate mitigation, TraceX Labs recommends adopting secure-by-design principles for future Battery Management Systems, including:
- Mandatory cryptographic authentication
- Encrypted Bluetooth communications
- Secure pairing procedures
- Bluetooth disabled by default until securely configured
- Secure first-time device initialization
- Mandatory wireless cybersecurity testing before deployment
- Vulnerability disclosure programs for manufacturers
- Stronger automotive cybersecurity standards for connected EV components
Growing Need for EV Cybersecurity
As India’s electric vehicle ecosystem continues to expand, experts believe cybersecurity must become a core component of transportation safety alongside battery performance and mechanical reliability.
The recent viral incidents demonstrate how insecure wireless configurations can be misused when basic security protections are absent.
While the BAT-BMS application itself is designed as a legitimate battery management tool, the events highlight the importance of implementing secure Bluetooth configurations to prevent unauthorized access.
TraceX Labs states that its advisory is intended to help manufacturers, regulators, fleet operators, battery assemblers, and vehicle owners better understand these risks and implement practical safeguards to strengthen the cybersecurity of India’s rapidly growing electric mobility ecosystem.
TraceX Labs Report: https://tracexlabs.com/reports/bms-security-advisory-immediate-mitigation-for-ev-vehicles.html





