Unsecured Bluetooth Apps Turned Into Dangerous 'Kill Switches' for Delhi E-Rickshaws
Indian social media platforms are witnessing a troubling surge in viral videos documenting a highly malicious and hazardous street prank across the National Capital Territory. Content creators are capturing heartbreaking footage of electric rickshaws (locally known as "tirris" or "batteries") abruptly cutting off mid-transit, forcing distressed drivers to tow or push their heavy vehicles to local repair shops. Far from a random mechanical glitch, this disruption is driven by a tech-savvy exploit targeting vulnerable public transit infrastructure, drawing immense online backlash as it directly damages the livelihoods of daily-wage gig workers.
The BAT-BMS Vulnerability: How Mobile Apps Remotely Kill Ignition
The root cause of these disruptions stems from the widespread deployment of low-cost, third-party energy components. Young pranksters and tech enthusiasts are using specialised mobile utility apps, primarily BAT-BMS and Lossigy, to scan for nearby Bluetooth-enabled lithium-ion battery packs. Developed by Chinese engineering firms as genuine diagnostic tools for monitoring battery voltage, temperature, and cell health, these applications include a legitimate administrative feature that allows users to toggle the master "discharge" switch to cut power output during maintenance.
The critical issue is the absence of basic cybersecurity protocols in budget electronic fleets. Because many aftermarket Chinese-manufactured Battery Management Systems (BMS) are deployed in India with default open Bluetooth settings—completely lacking passwords, pairing keys, or device authentication—anyone within a 10- to 15-meter range can pair with the vehicle. By connecting to the unencrypted firmware, a passerby can remotely flip the discharge toggle. This instantly cuts off the motor's power supply and wipes out the driver's digital dashboard display, turning off the ignition until the parameters are toggled back on via a smartphone.
Tragic Economic Exploitation and Severe Road Safety Concerns
While digital creators post warnings to spread awareness among transport workers, the real-world impact remains devastating. Many affected operators drive rented e-rickshaws, paying hefty daily leases of around ₹450. When their ignition abruptly dies mid-route, passengers typically abandon the ride, paying only partial fares. Unaware of the digital hijacking, vulnerable drivers lose their entire day's earnings, with reported daily losses ranging from ₹400 to ₹500, and often end up paying bystanders or local mechanics out of pocket to "fix" a non-existent hardware failure.
Cybersecurity experts and commuters have issued urgent public safety warnings, noting that cutting off a moving vehicle's engine in heavy, highly congested Delhi traffic can easily lead to fatal rear-end collisions. Notably, the vulnerability is highly specific: older e-rickshaws running on legacy lead-acid batteries remain completely immune, as do newer lithium-powered vehicles running on secured, proprietary major-brand software systems that require strict administrative authentication.
Government Intervention: Transport Department Launches Urgent Crackdown
The sudden spike in these viral "revenge pranks" has prompted swift legal action from regional authorities. The Delhi Transport Department has launched an urgent, comprehensive investigation into the accessibility and technical risks associated with the BAT-BMS and Epoch Li-ion applications. Transport Minister Pankaj Singh confirmed that officials are actively verifying field data to map out regulatory guidelines and potential restrictions on unsecured Battery Management Systems.
At the same time, reports indicate that the Union Ministry of Electronics and Information Technology (MeitY) is closely monitoring the development to address the broader regulatory failure to secure connected consumer hardware imported into the country. Until mandatory firmware passwords or software patches are implemented across local electronic fleets, we're educating drivers on workaround apps to regain remote control of their vehicles.
