Pranksters Use Chinese Apps To Remotely Shut Down Moving Delhi E-Rickshaws

Social media pranksters are causing safety hazards on Delhi's public streets by using Chinese battery-monitoring mobile apps to remotely shut down moving e-rickshaws. The ongoing viral trend exploits a critical security flaw in Bluetooth-enabled lithium-ion battery systems that lack password protection, abruptly stopping vehicles mid-journey.
The dangerous trend was recently demonstrated in a test conducted by Hindustan Times. With a driver's consent, an e-rickshaw was switched off remotely while in motion. The vehicle could only be restarted using the same mobile application, highlighting the vulnerability of the three-wheelers on active roads.
Behind the viral videos, which show confused drivers stopping suddenly while onlookers laugh, is a basic security loophole in how modern electric three-wheelers are built. Many of these vehicles use Bluetooth-enabled lithium-ion battery systems to monitor battery health. Manufacturers and drivers often use mobile apps like BAT-BMS and Lossigy for this purpose.
BAT-BMS, developed by Chinese manufacturer Shenzhen Grenergy Technology, is designed to let users wirelessly monitor battery charge, voltage, current, temperature, and cell health. The app works on phones supporting Bluetooth 5.0 and has a wireless range of up to 15 metres.
However, because many low-cost battery packs are shipped with Bluetooth active and no default password protection, anyone within range can download the app and connect to a nearby vehicle. Once connected, a user can tap the "Discharge Switch" inside the app, immediately cutting power to the e-rickshaw.
Because the battery itself is shut down, drivers cannot restart their vehicles using the physical ignition key. The power can only be restored if the battery is turned back on through the app that disabled it.
E-rickshaws running on older lead-acid batteries are unaffected by the flaw because they lack Bluetooth capabilities. Additionally, newer lithium-ion batteries that feature proprietary software or password protection remain secure against these unauthorized connections.
To prevent these remote shutdowns, drivers are being advised to secure their vehicles. This includes opening the BAT-BMS app to change the default password in the settings, or enabling features like "Remote Control Lock" or "App Control Lock" if available. Alternatively, drivers who do not require wireless monitoring can have a technician physically disconnect the Bluetooth module from the battery management system.



