Imagine your car being remotely disabled when you were driving it. Does it sound like a scene straight out of a Hollywood movie? Welcome to the 21st century, where these incidents are taking place not on the silver screen, but in real life.
The controversy erupted in the first week of July 2026 when a series of prank videos from New Delhi showing e-rickshaws being disabled remotely using an app called BAT-BMS began making the rounds on social media. Not long before, content creators and influencers had whipped out their smartphones, recording themselves walking up to electric scooters and e-rickshaws and using the app to disable them, leaving them not only bewildered but also stranded.
And it wasn’t long before MeitY (Ministry of Electronics and Information Technology) directed the removal of three such malicious mobile apps – namely BAT-BMS, Lossigy, and Epoch-i-ion – from iOS and Android stores for obvious misuse concerns. However, these incidents did throw up a bunch of fresh concerns surrounding the cybersecurity of connected vehicles, with people asking the question – can EVs (electronic vehicles) be hacked so easily?

The Tech Behind The Viral E-Rickshaw Hack
All rechargeable lithium-ion battery packs, which are increasingly being used in e-rickshaws, have battery management systems (BMS), which work as their electronic brains. These small chips are a genuine safety feature, constantly monitor the battery’s charge levels, temperature, and voltage, cutting power immediately when something looks unsafe, like short circuit or overheating.
For this purpose, BMS employs tiny electronic switches, which it flips when it decides that the power needs to stop, and the vehicle loses power within milliseconds.
So, what’s the problem here? Many inexpensive battery manufacturers who operate at scale incorporate Bluetooth into the BMS. This convenience feature allows fleet operators, technicians, and owners to check battery health on their smartphone apps instead of actually having to open the battery casing. BAT-BMS is one such app, but it wasn’t designed for this purpose. It was designed chiefly for off-grid and solar battery systems, and just happened to be compatible with the same kind of BMS chip sitting in many e-rickshaw batteries.
The actual vulnerability is this: many of these budget battery units are shipped, sold, and installed without their Bluetooth connections having any set passwords in order to keep costs down. So, there’s no password protection or encryption on these units either. The result? Batteries being quietly broadcast over Bluetooth to any smartphone running compatible apps within a roughly 15-metre range.

How The Hack Actually Went Down – And Where The Security Concerns Lie
Since these BMS systems don’t have proper authentication, anyone within Bluetooth range can connect and disable the battery’s discharge function, which is what happened during the e-rickshaw hack. People opened the BAT-BMS app and connected to compatible e-rickshaw batteries via Bluetooth, and activated the discharge switch, remotely switching off vehicles.
Going further, NDTV ran a test on Epoch Li-ion, another such battery management app, on a compatible e-rickshaw. Not only were they able to switch off the vehicle through a single tap, but also the display went blank, and the driver couldn’t restart the vehicle until it was switched back on using the same app.
The reality? This concern might not be limited to a single app. Not surprisingly, the BAT-BMS app now seems to require a password before users can access the switch-off function.
Cybersecurity experts say this is a much more critical problem of how convenience is being prioritised over connected mobility, skipping even basic authentication. After all, the implications go well beyond e-rickshaws, with the same design philosophy existing across a wide range of IoT (Internet of Things) devices and platforms, including smart mobility solutions, autonomous systems, and even civilian drones, which can also be similarly hacked.
Plus, the phenomenal rise of cloud-connected features has only expanded the attack surface, creating a number of new entry points, making the issue one of poor implementation rather than sophisticated hacking.

Can EVs Be Hacked So Easily?
Modern EVs are basically computers on wheels, relying on cloud services, wireless connectivity, sensors, and software. Not surprisingly, the incident has raised concerns over whether electric vehicles can be hacked so easily and whether they’re so vulnerable. Basically, the biggest cybersecurity risk areas include Bluetooth connectivity, telematics apps, diagnostic systems, charging infrastructure, and OTA (over-the-air) software updates.
Since every connection is an attack surface, vehicle security should cover the entire vehicle lifecycle. As India pushes autonomous technology, smart transportation, and electric mobility aggressively, the e-rickshaw hack has underscored the urgency that cybersecurity needs to not be an afterthought, but be embedded into product design.
Regulators should consider mandatory authenticated Bluetooth pairing, greater supply chain and data flow transparency, eliminating default credentials, digitally and implementing signed firmware. Adopting a “secure-by-design” approach by complying with standards such as UN R155 and AIS-189, continuously monitoring vehicle security, conducting independent testing before launch, enforcing cybersecurity standards for suppliers, and securing every connected component needs to be the order of the day.
When it comes to consumers, it’s important to use strong passwords, update vehicle software and complementing apps, report unexpected shutdowns, check password protections, and avoid unofficial third-party apps. As we move closer to electric mobility, cybersecurity needs to become as fundamental as physical safety.
In case you missed:
- The Very First AI-Powered Ransomware Is Here. What Does It Mean For Cybersecurity?
- The Rise Of Wi-Fi 7: Elevated Connectivity For The New Age
- Passwords vs. Passkeys: What Should We Be Using?
- Decoding Backdoor Attacks in Cybersecurity
- Are Chatbots A Backdoor To The Next Big Hack?
- All About Cybersecurity-as-a-Service
- The Rise and Evolution Of Honeypots In Cybersecurity
- Chatting with ChatGPT? Be Warned – It Could Be A Downward Spiral
- All About Edge AI: A Comprehensive Look
- All About AI Prompt Injection Attacks









