BAT BMS App Tirri Control: How It Works & How to Protect Your E-Rickshaw
The BAT BMS app is going viral for remotely disabling e-rickshaws via Bluetooth. Learn how the Tirri Control prank works, why cheap BMS units are vulnerable, and how to protect your EV.
Quick answer: The BAT BMS app is a legitimate Chinese battery management tool that has gone viral in India for a dangerous reason — pranksters are using it to remotely disable e-rickshaws (“tirris”) by connecting to unsecured Bluetooth battery systems and cutting off power. The app communicates with the battery’s Battery Management System (BMS) over Bluetooth. If the BMS lacks password authentication — as many low-cost units do — anyone within 10-15 metres can connect and flip the discharge switch, instantly stopping the vehicle. Protection is straightforward: disable Bluetooth on the BMS, set a password if supported, or upgrade to a secure BMS.
Social media in India is flooded with “Tirri Control” videos showing people stopping moving e-rickshaws with a tap on their phone. The trend has sparked outrage, safety concerns, and a nationwide conversation about EV cybersecurity. This guide explains exactly how the exploit works, why it only affects certain vehicles, and what you can do to protect yourself.
What Is the BAT BMS App?
BAT BMS is developed by Shenzhen Grenergy Technology Co., Ltd., a Chinese company specialising in battery management solutions. The app is freely available on both Google Play Store and Apple App Store under the package name com.bms.grenergy. It has over 100,000 downloads on Android alone.
The app is designed for a legitimate purpose — monitoring and managing Bluetooth-enabled lithium batteries. It provides real-time data on:
| Parameter | What It Tracks |
|---|---|
| State of Charge (SOC) | Current battery percentage |
| Voltage | Total pack voltage and individual cell voltages |
| Current | Charge and discharge current flow |
| Temperature | Battery pack temperature |
| Cycle Life | Number of charge/discharge cycles completed |
| Cell Balance | Voltage difference across individual cells |
This data is essential for battery owners — solar installers, boat owners, RV enthusiasts, and businesses using lithium battery banks. The app was never designed as a hacking tool. But a core feature — the ability to enable or disable battery discharge — is now being exploited.
How the “Tirri Control” Prank Works
The exploit follows a simple sequence that takes under 10 seconds to execute:
| Step | Action | Result |
|---|---|---|
| 1 | Phone scans for nearby Bluetooth devices | Detects broadcasting BMS units within 10-15 metres |
| 2 | BAT BMS app connects to the battery’s BMS | No password or authentication required on cheap units |
| 3 | User navigates to the discharge control setting | Interface shows a toggle switch for battery output |
| 4 | User flips the discharge switch to OFF | BMS opens the MOSFET circuit, cutting power |
| 5 | Vehicle loses motor power immediately | E-rickshaw stops moving, driver stranded |
The reason this works is straightforward: many low-cost Chinese Battery Management Systems ship with Bluetooth enabled, no password set, and the discharge control exposed through the BAT BMS app’s standard interface. No hacking, no exploit — the app simply uses the BMS as intended.
Technical Deep Dive: Why the Vulnerability Exists
What Is a BMS?
A Battery Management System is the “brain” of any lithium-ion battery pack. It monitors every cell, prevents overcharging and over-discharging, balances cells, and protects against short circuits. Without a BMS, lithium batteries are dangerous and short-lived.
The MOSFET Discharge Switch
Inside every BMS, there are MOSFETs (Metal-Oxide-Semiconductor Field-Effect Transistors) that act as electronic switches controlling whether power flows out of the battery. These MOSFETs are the physical component that the BAT BMS app toggles when you flip the discharge switch.
The BMS firmware exposes this switch over Bluetooth for legitimate reasons — a battery owner might need to cut power remotely for safety during maintenance or transport. The problem arises when this control is accessible without any authentication.
Why Chinese BMS Units Lack Security
Most budget e-rickshaws in India use Chinese-manufactured lithium battery packs with built-in BMS. These BMS units are designed for cost efficiency, not security:
- No password requirement — Bluetooth is open by default, and no PIN is set during manufacturing
- No encryption — Communication between app and BMS is plaintext
- No access control — Once connected, all features (including discharge control) are available
- Default pairing mode — The BMS continuously broadcasts its presence, making it discoverable
This combination creates a perfect vulnerability: discoverable, connectable, and controllable with zero authentication.
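The missing access control can be shown from the firmware side. The following is an added example, not code from the article, the app or any BMS vendor: it models the open discharge-write handler described above next to a gated one that requires an encrypted, authenticated link and a verified owner PIN. All type and function names are hypothetical, the PIN is a constructed sample, and only the ATT error codes are real Bluetooth values.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
/* ATT error codes as defined in the Bluetooth Core Specification. */
#define ATT_OK          0x00
#define ATT_ERR_AUTHEN  0x05 /* Insufficient Authentication */
#define ATT_ERR_AUTHOR  0x08 /* Insufficient Authorization */
#define ATT_ERR_LENGTH  0x0D /* Invalid Attribute Value Length */
#define ATT_ERR_ENCRYPT 0x0F /* Insufficient Encryption */
#define MAX_PIN_TRIES   3
/* Hypothetical firmware state; not from any real BMS or BLE stack. */
typedef struct { bool encrypted, authenticated, pin_ok; } link_t;
typedef struct { bool discharge_on; uint8_t pin[6], bad_tries; } bms_t;
/* Behaviour the article describes: any connected client may write. */
uint8_t write_discharge_open(bms_t *b, const uint8_t *v, size_t n) {
    if (n != 1) return ATT_ERR_LENGTH;
    b->discharge_on = (v[0] != 0x00); /* 0x00 = discharge off */
    return ATT_OK;
}
static uint8_t link_check(const link_t *l) {
    if (!l->encrypted) return ATT_ERR_ENCRYPT;
    return l->authenticated ? ATT_OK : ATT_ERR_AUTHEN;
}

/* Owner PIN: constant-time compare; a lockout never changes discharge_on. */
uint8_t write_pin(bms_t *b, link_t *l, const uint8_t *v, size_t n) {
    uint8_t rc = link_check(l), diff = 0;
    if (rc != ATT_OK) return rc;
    if (n != sizeof b->pin) return ATT_ERR_LENGTH;
    if (b->bad_tries >= MAX_PIN_TRIES) return ATT_ERR_AUTHOR;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(v[i] ^ b->pin[i]);
    if (diff != 0) { b->bad_tries++; return ATT_ERR_AUTHOR; }
    l->pin_ok = true;
    b->bad_tries = 0;
    return ATT_OK;
}

/* Hardened handler: secure link and verified PIN before the MOSFET flag. */
uint8_t write_discharge_gated(bms_t *b, const link_t *l, const uint8_t *v, size_t n) {
    uint8_t rc = link_check(l);
    if (rc != ATT_OK) return rc;
    return l->pin_ok ? write_discharge_open(b, v, n) : ATT_ERR_AUTHOR;
}

int main(void) { /* unpaired client on an unencrypted link is refused */
    bms_t b = { true, {1, 2, 3, 4, 5, 6}, 0 }; /* constructed PIN */
    link_t stranger = { false, false, false };
    uint8_t off = 0x00;
    return write_discharge_gated(&b, &stranger, &off, 1) == ATT_ERR_ENCRYPT ? 0 : 1;
}
```

The lockout in this sketch fails safe: repeated wrong PINs block further remote control but leave the discharge state untouched, so a failed guess cannot itself stop the vehicle.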
Range Limitation
The exploit has a physical limitation — Bluetooth range is approximately 10-15 metres. The prankster must be physically near the target vehicle. This means the attack cannot be performed remotely over the internet, only by someone within visual range.
Does This Affect Every Electric Vehicle?
No. The BAT BMS app only works with specific hardware. Here is a breakdown of which vehicles are affected:
| Vehicle Type | Vulnerable? | Reason |
|---|---|---|
| Lead-acid battery e-rickshaw | No | No BMS or Bluetooth |
| Premium lithium EV (Ola, Ather, Bajaj) | No | Proprietary BMS with authentication |
| Budget lithium e-rickshaw with Chinese BMS | Yes | Unsecured Bluetooth BMS |
| DIY-converted e-rickshaw with generic lithium pack | Yes | Often uses cheap Chinese BMS |
| Electric scooter with no-name battery | Yes | Same vulnerability applies |
Only vehicles with Bluetooth-enabled lithium battery BMS units that lack password protection are at risk. Most branded EVs from established manufacturers use secure, proprietary systems.
How to Protect Your E-Rickshaw
If you own or operate a lithium-battery e-rickshaw, here are practical steps to secure it.
1. Check if Your BMS Is Vulnerable
Download the BAT BMS app on your phone and walk near your parked vehicle. If the app discovers your battery and connects without a password prompt, your BMS is unsecured.
2. Disable Bluetooth on the BMS
Many BMS units allow you to turn off Bluetooth through a configuration tool or dedicated desktop software. Check with your battery supplier for instructions. Once Bluetooth is off, no app can connect.
3. Set a BMS Password
Some BMS firmware supports password protection even if it is not enabled by default. The BAT BMS app itself may allow you to set a password under device settings. If your BMS supports this, set a strong password immediately.
4. Upgrade to a Secure BMS
If your current BMS has no security features at all, replace it with one that supports password authentication and encrypted Bluetooth communication. The upgrade typically costs between ₹500 and ₹2,000.
5. Physically Secure the Battery Enclosure
If an attacker cannot physically access the BMS module inside the battery pack, they cannot reset or bypass it. Ensure your battery box is locked and tamper-proof.
6. Switch to Lead-Acid Batteries (Temporary Fix)
If you are unable to secure your lithium BMS immediately, consider temporarily switching to lead-acid batteries. They are heavier and less efficient but do not use Bluetooth BMS at all, making them immune to this exploit.
7. Report Suspicious Activity
If you experience sudden power loss and suspect someone is using the BAT BMS app nearby, look around for someone holding a phone near your vehicle. File a complaint with local police and report the incident to the cybercrime department.
Legal Implications
Using the BAT BMS app to disable someone else’s vehicle is not a harmless prank — it is a crime.
- Indian IT Act 2000, Section 43 — Unauthorised access to a computer resource (the BMS is a computer system) is punishable with fines and compensation
- Indian IT Act 2000, Section 66 — Computer-related offences carry imprisonment up to 3 years and fines up to ₹5 lakhs
- IPC Section 336 — Any act endangering the life or personal safety of others is punishable with imprisonment up to 3 months or fine
- Motor Vehicles Act 1988 — Tampering with a vehicle’s systems could lead to prosecution
Several petitions are circulating to ban the BAT BMS app in India. However, the app itself is a legitimate tool — the real issue is insecure BMS hardware. A ban would be hard to enforce, and it would not fix the underlying security gap.
What India’s EV Industry Must Learn
This incident highlights a critical gap in India’s EV ecosystem. As the country pushes for rapid electrification, security standards for battery systems have not kept pace.
| Issue | Current State | What Is Needed |
|---|---|---|
| BMS authentication | None on budget units | Mandatory password/BLE encryption |
| Bluetooth security | Open by default | Pairing required, encryption enforced |
| Discharge control access | Exposed without authorisation | PIN or biometric confirmation required |
| Firmware updates | Rarely available | OTA update mechanism with security patches |
| Regulatory oversight | No standards for BMS cybersecurity | BIS or ARAI certification for BMS security |
The BAT BMS controversy is a wake-up call. As more Indians adopt electric vehicles — e-rickshaws alone number over 15 lakhs in the country — the security of their battery systems can no longer be an afterthought.
Conclusion
The BAT BMS “Tirri Control” trend is a dangerous viral phenomenon that exposes a real vulnerability in India’s budget EV ecosystem. The fix is not to ban the app — it is to demand better security from battery manufacturers. If you own an e-rickshaw, check your BMS today. Set a password. Disable Bluetooth if possible. And report any misuse you witness.
India’s EV transition must be built on safety, not just speed. This incident should push regulators, manufacturers, and owners to take battery cybersecurity seriously.
Need help securing your EV fleet or business IT infrastructure? Contact DigiHaryana for cybersecurity consulting and IT solutions tailored for Indian businesses.
Frequently Asked Questions
Q1: What is the BAT BMS app? A1: BAT BMS is a legitimate battery management app developed by Shenzhen Grenergy Technology. It monitors Bluetooth-enabled lithium batteries — tracking voltage, temperature, charge levels, and cycle life. It also allows users to enable or disable battery discharge.
Q2: Can the BAT BMS app really stop an e-rickshaw? A2: Yes, but only if the e-rickshaw uses a compatible Bluetooth-enabled lithium battery BMS with no password protection. The app connects to the BMS and flips the discharge switch off, cutting power to the motor and stopping the vehicle.
Q3: How do I protect my e-rickshaw from the BAT BMS app? A3: Turn off Bluetooth on the BMS if possible, set a strong password on the BMS, upgrade to a BMS with authentication, physically secure the battery enclosure, or switch to a lead-acid battery which does not use Bluetooth BMS.
Q4: Is every e-rickshaw vulnerable to this attack? A4: No. Only e-rickshaws with cheap Chinese Bluetooth-enabled lithium battery BMS units that lack password authentication are vulnerable. Lead-acid battery rickshaws and premium EVs with secure BMS are not affected.
Q5: Is the BAT BMS app illegal to use? A5: Using the app to disable someone else’s vehicle is illegal under Indian IT Act 2000 (unauthorised access to a computer resource) and IPC Section 336 (act endangering life or personal safety of others).
Q6: Should the BAT BMS app be banned? A6: The app itself is a legitimate tool. The real issue is weak security in low-cost BMS units. The fix is better BMS security standards, not banning the app.
Q7: Which vehicles use Bluetooth BMS that could be vulnerable? A7: Many budget e-rickshaws and electric two-wheelers using Chinese lithium battery packs with Bluetooth-enabled BMS are potentially vulnerable, especially those without password authentication on the BMS.
How the BAT BMS App Actually Works: Attack Flow
The exploit relies on Bluetooth Low Energy (BLE) communication between the app and the battery’s BMS. Here is the exact technical sequence:
- Discovery — The BMS continuously broadcasts BLE advertising packets with a known UUID (0000ffe0-0000-1000-8000-00805f9b34fb). The BAT BMS app scans for these signals within 10-15 metres.
- Connection — The app sends a BLE connection request to the discovered BMS. On cheap units, this is accepted without any PIN, password, or authentication.
- Service Discovery — Once connected, the app queries the BMS for its available services and characteristics. It finds read/write handles for battery data (voltage, temperature, SOC) and control functions (discharge on/off).
- Parameter Read — The app reads the current battery status: voltage, current, temperature, individual cell voltages, and the current state of the discharge MOSFET (on/off).
- Command Execution — The app writes to the discharge control characteristic (typically writing 0x00 to a specific handle). This signals the BMS firmware to open the MOSFET circuit.
- Power Cut — The MOSFETs open, breaking the circuit between the battery cells and the output terminals. The motor instantly loses power and the vehicle stops.
- Re-Pairing Prevention — Some BMS units remain in a locked state after a remote shutdown, requiring the owner to physically reset the battery or use the app themselves to re-enable discharge.
Prevention Checklist
- Set a BMS password via manufacturer software (look for “PIN” or “Password” setting)
- Disable Bluetooth broadcast if you do not need continuous monitoring
- Verify your BMS firmware supports encrypted pairing
- Use tamper-evident seals on the battery enclosure
- Register your battery with the manufacturer for firmware update alerts
- Report suspicious power loss incidents to your local cybercrime cell