A growing cybersecurity concern has emerged in India’s rapidly expanding e-rickshaw sector after viral social media videos appeared to show people remotely switching off moving vehicles using smartphone apps.
The incident has sparked concerns among drivers, passengers, manufacturers, and government authorities over the security of connected battery systems.
The controversy centers on certain Bluetooth-enabled lithium-ion battery packs that reportedly lack basic authentication, allowing nearby smartphones to connect through battery management applications.
What Is the E-Rickshaw ‘Kill Switch’ Issue?
The viral videos show individuals approaching e-rickshaws and allegedly disabling them using mobile applications such as BAT-BMS and Lossigy. According to reports, these apps can connect to some Battery Management Systems (BMS) installed inside lithium-ion batteries.
In a reported demonstration conducted with the driver’s permission, a smartphone connected to the battery management system and switched off the vehicle with a single tap. The vehicle could only be restarted through the same application rather than the ignition key.
The incident has raised fresh concerns about the cybersecurity of connected transport systems.
Why Does This Happen?
Battery Management Systems are designed to monitor important battery functions, including:
- Battery voltage
- Temperature
- Charging status
- Current flow
- Overall battery health
Many manufacturers provide Bluetooth connectivity so technicians can diagnose battery issues during servicing.
However, experts say that some battery systems reportedly do not require password authentication before allowing nearby devices to connect. If confirmed, anyone within Bluetooth range could potentially access certain battery controls.
Not Every E-Rickshaw Is Affected
Industry experts emphasize that the vulnerability does not affect every e-rickshaw.
Vehicles that continue to use traditional lead-acid batteries are not vulnerable because they do not include Bluetooth-enabled Battery Management Systems.
Even among lithium-ion models, only those using specific unsecured BMS hardware may be exposed. Several manufacturers use proprietary software or additional security measures that prevent unauthorized access.
Drivers Report Growing Concerns
Several e-rickshaw drivers say they have experienced unexplained shutdowns during trips over recent months.
Some drivers initially believed their batteries had failed before discovering the issue involved Bluetooth connectivity. Others expressed concern that sudden power loss in busy traffic could increase the risk of road accidents and leave passengers stranded.
Drivers who rent their vehicles may face greater difficulties because many do not have smartphones or access to the applications required to restart affected battery systems.
Government Begins Investigation
The issue has now attracted government attention.
Officials said the Ministry of Electronics and Information Technology (MeitY) is examining the reported vulnerability.
Delhi Transport Minister Pankaj Singh also said the department has been directed to verify the claims after concerns were raised by members of the public.
Authorities are expected to determine whether additional cybersecurity safeguards or regulatory measures are required for connected battery systems used in electric vehicles.
Experts Call for Better Cybersecurity Standards
Cybersecurity specialists say the incident highlights broader concerns surrounding connected consumer devices.
Experts note that Bluetooth-enabled equipment should include secure authentication before allowing users to modify critical functions. They also stress that cybersecurity standards should become a mandatory part of connected hardware entering the Indian market.
The case serves as a reminder that as electric mobility grows, digital security will become just as important as mechanical safety.
Apps Under Scrutiny
The report names two battery management applications:
- BAT-BMS
- Lossigy
One of the apps was reportedly unavailable on Apple’s App Store at the time of publication, while the other remained accessible. Authorities have not announced any enforcement action against the applications.


























