The app that could stop your ride mid-street

E-rickshaw kill switch app: 8 Shocking Facts Behind the Safety Scare

The sudden emergence of a malicious e-rickshaw kill switch app trend demonstrates that no advanced hacking skills or specialized physical equipment are required—just an app, an unsecured Bluetooth connection, and a vulnerable vehicle battery block are all it took to leave a driver stranded dead in the middle of the road.

01 Inside the e-rickshaw kill switch app controversy

Over the past few weeks, videos began circulating across Indian social media showing people — often teenagers — walking up to moving e-rickshaws, tapping something on their phones, and watching the vehicle lose power instantly. Drivers were left stranded in traffic, sometimes with passengers still on board.

The core vulnerability exploited by the malicious e-rickshaw kill switch app variants traces back to Bluetooth-enabled Battery Management Systems (BMS) fitted inside many budget lithium-ion battery packs. These systems are meant to let owners monitor voltage, temperature, and charge levels through a companion app. The problem: on many cheaper units, that Bluetooth connection had no password and no authentication — meaning anyone within 10–15 metres could connect to it using a compatible app and flip the battery's "discharge" switch, killing power to the motor on the spot.

  • Three tools were named in the investigation: the primary e-rickshaw kill switch app variants known as BAT-BMS, Epoch Li-ion, and Lossigy.
  • BAT-BMS alone had crossed 100,000+ downloads on Google Play before removal.
  • Only lithium-ion e-rickshaws with unsecured BMS units were vulnerable — older lead-acid battery models have no Bluetooth at all.
  • Some pranksters allegedly locked batteries and then charged drivers ₹100–₹300 to "unlock" them again.
  • Police in Ujjain detained an 18-year-old suspect allegedly behind some of the disabling and the viral posts.
EARLY JUNE
Drivers report mystery shutdowns, suspect battery failure
LATE JUNE
Viral videos surface; drivers' association files complaints
JUL 2–3
Ujjain Police detain a suspect; MeitY opens formal probe
JUL 3–4
Centre orders takedown of all three apps from app stores

If you drive an e-rickshaw: change your battery's default Bluetooth password immediately if it has one. If your vehicle stops suddenly, do not pay any stranger claiming to "fix" it — contact an authorised service centre, or report it via Dial 100/112 or the Cyber Helpline 1930.

02 Why this became a national story

For the drivers affected, this was never really a prank. E-rickshaw drivers typically earn on a per-trip, per-day basis, and many rent their vehicles. A sudden shutdown mid-route meant lost fares, stranded passengers, and in a few filmed cases, a driver pushing a dead rickshaw for kilometres through traffic.

"Some people are locking the battery using the app. If the e-rickshaw stops on the main road, it becomes a major safety risk. Police should take action against such app users."

— an e-rickshaw driver from the National Capital Region, speaking to PTI

Beyond the immediate disruption, the incident exposed something bigger: thousands of budget e-rickshaws running on Bluetooth hardware with essentially no security layer, in a country where electric mobility insights show the green transit ecosystem is expanding fast. The Ministry of Electronics and Information Technology (MeitY) called it a cybersecurity issue as much as a road-safety one.

03 What the government did to counter the e-rickshaw kill switch app

App takedown ordered

The Centre directed Google Play and Apple's App Store to remove BAT-BMS, Epoch Li-ion, and Lossigy. BAT-BMS had already vanished from the App Store earlier; its Play Store removal came days later.

MeitY investigation opened

The ministry began examining the apps' security practices and compliance with Indian rules, with officials saying further harmful apps would be blocked if found.

Police action in Madhya Pradesh

Ujjain Police detained a suspect accused of disabling e-rickshaws late at night and, in some cases, charging drivers to restart them.

Advisory to drivers

Police urged drivers not to pay strangers offering to "fix" a stopped vehicle, and to report suspicious individuals instead of engaging with them directly.

04 Why experts say the e-rickshaw kill switch app danger isn't over

The hardware flaw remains

Removing the apps doesn't fix unsecured Bluetooth BMS units already installed on thousands of e-rickshaws. The vulnerability sits in the battery, not just the software.

Default passwords are common

Many budget battery packs, often imported cheaply, ship with no password or an easily guessed default — leaving them exposed even without the named apps.

New apps can appear

Any compatible battery-monitoring app could technically be repurposed the same way; officials have said similar apps will be blocked "if found," which is reactive, not preventive.

No mandatory security standard yet

There is currently no rule requiring Bluetooth-enabled EV battery systems in India to include basic authentication before allowing critical functions to be changed.

05 Pros and cons of the government's response

What worked

  • Fast, visible action after public outrage
  • Removed the specific apps used in most viral incidents
  • Opened a formal MeitY security investigation
  • Police follow-through with an actual detention
  • Clear driver-facing safety advisory issued

What's still missing

  • No fix for the underlying unsecured hardware
  • No mandatory authentication standard announced
  • Drivers have no easy way to check their own risk
  • Rental drivers remain especially exposed
  • Copycat apps aren't pre-emptively blocked

06 Who this affects

GroupWhat changes for them
E-rickshaw driversShould check if their battery's Bluetooth is password-protected, and know not to pay strangers to "restart" a stopped vehicle.
Battery manufacturersFace pressure to build in authentication by default rather than leaving it optional or absent.
App developersAny battery-monitoring app with remote-control features is now under closer regulatory scrutiny.
PolicymakersPressure is building for a mandatory cybersecurity standard covering connected EV components, not just this one incident.

07 FAQs regarding the e-rickshaw kill switch app

Q. How were vehicles turned off using the e-rickshaw kill switch app?

Through unsecured Bluetooth-enabled Battery Management Systems. A nearby smartphone running a compatible app could connect without any password and trigger the battery's discharge switch, cutting power instantly.

Q. Are all e-rickshaws at risk?

No. Vehicles running older lead-acid batteries have no Bluetooth and aren't affected. Even among lithium-ion models, only those with unsecured or default-password BMS units are exposed.

Q. Which apps were involved?

Government orders named three: BAT-BMS, Epoch Li-ion, and Lossigy. All three were ordered removed from app stores.

Q. Has anyone been arrested?

Ujjain Police detained an 18-year-old suspect in connection with disabling e-rickshaws and posting the videos online. The investigation is ongoing.

Q. What should a driver do if this happens to them?

Avoid paying any stranger who offers to "fix" the vehicle. Contact an authorised service centre or technician, and report suspicious individuals via Dial 100/112 or the Cyber Helpline 1930.

Q. Does removing the apps solve the problem?

Not fully. Experts note the real flaw is the unsecured hardware itself. Until battery systems require proper authentication by default, similar risks could resurface through alternative smart device management systems.

08 The bigger picture

This episode is a small but telling preview of a much larger challenge. As India's electric mobility sector grows quickly, more and more everyday vehicles are becoming "connected" devices — which means they inherit the same security weaknesses that have plagued smart-home gadgets and IoT devices for years. A discharge switch designed for convenience became, in the wrong hands, a way to strand a driver mid-shift and demand money to undo it.

Bottom line: the apps are gone for now, but the unsecured hardware that made this possible is still sitting inside thousands of e-rickshaws. Real safety here depends on battery makers building in authentication by default — not just on banning the apps that exploited its absence.

Sources: BusinessToday · The Week · Pragativadi · Asian Mirror · Techlusive · Siasat — reporting from early July 2026.

Leave a Comment

Your email address will not be published. Required fields are marked *