A viral social media trend involving a Chinese mobile application has triggered widespread concern after users demonstrated how they could remotely switch off electric three-wheelers, commonly known as e-rickshaws or 'tirris', in the middle of busy roads. What initially appeared to be a prank has quickly evolved into a serious public safety issue, prompting questions over the cybersecurity of connected electric vehicles and the lack of safeguards in battery management systems.
Videos circulating across Instagram, YouTube and other social media platforms show youngsters downloading an app called BAT-BMS, connecting it to nearby e-rickshaws, and remotely turning off the vehicles while they are in motion. The sudden shutdown leaves drivers confused and passengers stranded, with many incidents occurring on active roads where abrupt stoppages could potentially lead to accidents.
The trend has drawn criticism from cybersecurity observers, vehicle owners and social media users alike, who warn that the misuse of connected vehicle technology could have dangerous, even life-threatening consequences.
What is the BAT-BMS app?
BAT-BMS is a mobile application developed to work alongside Battery Management Systems (BMS) installed in certain electric vehicles, particularly low-speed electric three-wheelers. A BMS monitors and manages battery health, charging, temperature, voltage and overall performance.
The app enables owners and authorised users to monitor battery statistics and, in many cases, remotely control certain vehicle functions. These features are intended to assist with maintenance, diagnostics and anti-theft measures.
However, reports suggest that the app's implementation in several e-rickshaws lacks adequate authentication mechanisms, allowing unauthorised users to connect to nearby vehicles if the battery system is discoverable over Bluetooth.
The result is a significant security loophole that has now become the centre of a growing online prank trend.
How the prank works
According to multiple demonstrations shared online, pranksters simply install the BAT-BMS application, enable Bluetooth on their phones and search for nearby compatible vehicles.
If a compatible battery system appears, the app can establish a connection without requiring robust identity verification in several cases. Users can then access control options that allow them to switch off the vehicle remotely or alter certain battery settings.
Several viral videos show content creators approaching moving or parked e-rickshaws, connecting to their systems and switching them off from a distance while filming the bewildered reactions of drivers.
Some social media users have even treated the activity as a challenge, encouraging others to replicate it.
While the videos are often presented as harmless entertainment, experts warn that disabling a vehicle travelling on public roads could have severe consequences.
Why experts are worried
The biggest concern is not the prank itself but the underlying vulnerability that makes it possible.
If a connected battery management system can be accessed by anyone within Bluetooth range without proper security protocols, the issue extends beyond social media mischief. It exposes critical vehicle functions to unauthorised control.
Cybersecurity professionals note that even though most affected vehicles are low-speed electric three-wheelers, an unexpected shutdown can still place drivers, passengers and surrounding traffic at risk.
An e-rickshaw that suddenly loses power while crossing an intersection, navigating traffic or carrying schoolchildren or elderly passengers could easily become involved in an accident.
Experts argue that connected mobility systems should incorporate secure authentication, encrypted communication and owner authorisation before allowing any remote commands to be executed.
Why are only some vehicles affected?
Not every electric vehicle can be controlled through the BAT-BMS application.
The issue appears to affect only those e-rickshaws and electric three-wheelers that use compatible Battery Management Systems manufactured by companies integrating BAT-BMS software. Vehicles using different battery controllers or brands remain unaffected.
The vulnerability is therefore linked to specific hardware-software combinations rather than electric vehicles in general.
Nevertheless, the growing popularity of connected battery management systems means similar weaknesses could emerge elsewhere if manufacturers fail to prioritise cybersecurity.
Social media turns a security flaw into viral content
The controversy highlights how quickly technical vulnerabilities can transform into internet trends.
Dozens of short-form videos have accumulated millions of views by showing unsuspecting drivers reacting after their vehicles unexpectedly stop working. Many creators present the clips as harmless pranks, while comment sections are filled with users asking where to download the application.
At the same time, a growing number of internet users have criticised the trend, pointing out that disabling public transport vehicles without permission is irresponsible and potentially dangerous.
Several users warned that such actions could cause serious injuries or even fatalities if performed in traffic.
Others questioned why an application with remote control capabilities could be accessed so easily by strangers.
Broader cybersecurity questions
The incident has reignited discussions about cybersecurity standards in India's rapidly expanding electric mobility ecosystem.
Unlike passenger cars from established manufacturers, many low-cost electric three-wheelers rely on third-party battery systems sourced from different suppliers. Security practices vary considerably between manufacturers, and comprehensive cybersecurity testing is not always prioritised.
As electric vehicles become increasingly connected through Bluetooth, mobile apps and cloud-based services, experts say cybersecurity must become as important as mechanical safety.
Battery management systems now perform functions beyond simply monitoring battery health. Many can control charging, diagnostics, firmware updates and operational settings, making them attractive targets if not adequately secured.
The BAT-BMS controversy illustrates how vulnerabilities in these systems can directly affect real-world safety.
Who is responsible?
The incident raises questions for multiple stakeholders.
Manufacturers may need to strengthen authentication protocols, restrict Bluetooth discoverability and require secure pairing before allowing any remote access.
Battery suppliers could issue firmware updates to eliminate unauthorised connections where technically feasible.
Dealers and service centres may also need to educate vehicle owners about available security settings and software updates.
Regulatory authorities could examine whether connected electric vehicle components require mandatory cybersecurity standards similar to safety regulations governing braking systems, lighting and other vehicle equipment.
What vehicle owners can do
Until manufacturers address the issue, owners of compatible e-rickshaws may be able to reduce risks by limiting unnecessary Bluetooth connectivity, installing official software updates when available and consulting authorised service centres regarding battery management system settings.
Experts also advise against downloading unofficial versions of battery management applications or granting access to unknown users.
A prank with potentially serious consequences
While many viral videos portray the BAT-BMS trend as harmless fun, the episode underscores how digital vulnerabilities can quickly spill into the physical world.
What began as a social media prank has exposed broader concerns about the security of connected electric vehicles, particularly those used daily by thousands of drivers for public transport and livelihood.
As India's electric mobility sector continues to expand, the incident serves as a reminder that convenience features such as smartphone connectivity must be matched with equally robust cybersecurity protections.
Until manufacturers close these vulnerabilities, what seems like a joke on social media could continue posing real risks on public roads.
With inputs from agencies
Image Source: Multiple agencies
© Copyright 2026. All Rights Reserved. Powered by Vygr Media.












