E-Rickshaws: A Chinese battery management app called BAT-BMS has gone viral on Indian social media after users discovered they could connect with nearby e-rickshaws via Bluetooth and disable them remotely, raising serious concerns about cybersecurity, public safety and the security of electric vehicles.
This Image is Illustration only | made by AI
Alarm bells have started ringing across India over a new social media trend involving a Chinese smartphone application called BAT-BMS after videos surfaced on the internet showing users remotely shutting down e-rickshaws through Bluetooth connectivity. The trend—popularly known on the internet as ‘Tirri Control’—has gone viral on Instagram, YouTube, Reddit and X, where content creators film themselves approaching parked or moving e-rickshaws, accessing their battery management system through the BAT-BMS app, and shutting down the vehicle by turning the battery discharge function off.
The prank leaves several e-rickshaw drivers confused and stranded, and cybersecurity experts warn that what may appear to be harmless entertainment could expose serious vulnerabilities in India’s fast-growing electric vehicle ecosystem. As the videos mount, concerns are emerging regarding the security standards of Bluetooth-enabled battery management systems found in many low-cost electric vehicles.
Why and How the Viral Trend Started
The BAT-BMS application was originally created as a battery management tool to monitor and configure lithium battery systems. A lot of low-cost lithium battery pack manufacturers use Bluetooth-enabled Battery Management Systems (BMS) that let owners or technicians check battery health, charge cycles, voltage and temperature through smartphone apps.
However, social media users recently found that many of these battery systems are not properly authenticated or password protected. The BAT-BMS app can be used by anyone within a certain range of an e-rickshaw to scan for Bluetooth devices nearby, connect to an unsecured battery and access basic controls.
The most abused and controversial feature is the “Discharge Switch.” As soon as it is switched off, the battery stops powering the vehicle and the e-rickshaw is basically shut down. Many of the videos that have gone viral show drivers who have no idea what has happened and think their vehicle has suddenly developed a mechanical or electrical fault.
The prank has quickly evolved into what users refer to as ‘Tirri Control,’ and creators are posting videos with humorous captions such as ‘Bohot pareshan kiya hai tirri walon ne ab inki baari.’ The trend is meant to be humorous but has been criticized for preying on drivers that rely on their cars for their daily livelihood.
Social Media Amplifies the Prank
Short video platforms have given the trend incredible momentum. Influencers and content creators have posted videos of themselves looking for nearby Bluetooth-enabled cars, then disabling them in seconds.
There are even tutorial videos on how to identify compatible battery systems and how to use the BAT-BMS app. This has raised public awareness of the vulnerability significantly and promoted copycat behaviour.
Tech experts say the videos normalize the idea of hacking into connected devices and could lead to more serious abuses than harmless pranks.
Experts Raise Serious Cybersecurity Concerns
The problem goes way beyond social media fun and games, cybersecurity experts say.
A lot of inexpensive EVs use off-the-shelf battery management systems from third-party manufacturers. If the systems lack authentication or encryption, an unauthorized user could access the system just by being within Bluetooth range.
This highlights a more general Internet of Things (IoT) security issue that experts say is often influenced by convenience over cybersecurity in product development.
A cybersecurity researcher who specializes in embedded systems that use Bluetooth said that apps to manage batteries should require pairing the device, authenticating the password, encrypting communications and authorizing the owner before allowing critical functions like shutting down the battery.
“If anyone can disable a vehicle without authentication, that’s not a software bug—it’s a serious design flaw that manufacturers should fix immediately,” the expert said.
Also read:Honey Rose Receives Public Apology From Boby Chemmanur After Harassment Case
Impact on E-Rickshaw Drivers
India’s millions of e-rickshaw drivers aren’t laughing at the viral prank.
Many drivers rely on their electric vehicles as their primary source of daily income. Even temporary disruptions can lead to financial losses, delayed passengers and damaged customer trust.
Some drivers who’ve seen the viral videos said they were frustrated they didn’t know strangers could access their battery systems.
The possibility of random users remotely disconnecting batteries has raised fresh concerns in crowded markets, railway stations and residential neighborhoods where hundreds of e-rickshaws operate.
Some drivers are now going to battery dealers to ask them to disable Bluetooth functionality or password protect their battery systems where possible.
Background
India is now one of the biggest markets for electric three-wheelers in the world. Government initiatives encouraging cleaner transport, rising fuel prices and low-cost lithium battery technology have enabled e-rickshaws to be scaled up quickly in urban and rural spaces.
Industry estimates suggest that there are millions of electric three-wheelers on the roads across the country, offering cheap transport and creating jobs for drivers.
To ease maintenance, many battery manufacturers have added Bluetooth capability so that technicians can diagnose battery health without having to open the battery casing.
But the recent controversy over BAT-BMS highlights the security risks that can arise from convenience features when manufacturers fail to implement adequate safeguards.
Timeline of Events
The BAT-BMS application is a battery monitoring tool for technicians and battery manufacturers that has been in existence for several years.
Recently, Indian social media users began sharing videos of how nearby Bluetooth-enabled batteries could be accessed without permission.
Soon after, hashtags related to “Tirri Control” began trending across Instagram, Reddit, YouTube Shorts and X.
When the videos went viral, the internet exploded with cybersecurity talk, experts demanding better Bluetooth security by manufacturers, and users debating the legality and morality of the prank.
Why This Matters
This incident illustrates a much bigger problem with connected technology.
India is rapidly adopting electric mobility, smart devices and Internet-connected infrastructure. These innovations make life easier but also create new cybersecurity challenges.
If today cars can be disabled remotely by unauthorized people, then other connected devices may be vulnerable tomorrow.
This issue is very important because it shows that cybersecurity is no longer limited to computers and smartphones alone. Wireless communication and digital systems and software are now vital for daily transportation and need to be protected.
The controversy also raises legal issues. If you access someone else’s electronic device without permission, even as a prank, it may be an offense under the Information Technology Act of India or any other applicable law depending on the circumstances and the damages caused.
India Angle
The story resonates with Indian audiences as e-rickshaws have become an important mode of public transport.
Delhi, Lucknow, Patna, Kolkata, Kanpur, Varanasi and many smaller towns rely heavily on electric rickshaws for cheap last-mile connectivity.
The vulnerability in these vehicles affects local businesses, drivers and commuters.
The incident also highlights the need for India’s electric vehicle ecosystem to focus on cybersecurity along with affordability and performance. As governments increasingly push for the uptake of EVs, manufacturers may face increased pressure to improve digital safeguards.
Analysis
From a digital journalism and technology perspective, this story is indicative of how quickly ordinary software tools can be turned into viral social media trends when combined with curiosity and online engagement.
The BAT-BMS application was not necessarily made for bad intentions. Instead, the row is about poor security implementations in some battery systems with Bluetooth that allow for unauthorized access.
The viral nature of “Tirri Control” also shows the power of short-form content platforms where pranks can spread faster than conversations about their impact. To many viewers these are just some funny videos but in reality, trying to disable a running vehicle without authorization can be an annoyance to drivers, a disruption to livelihoods, and even a safety hazard if done while vehicles are in operation. The story also covered by The print
Manufacturers, battery suppliers and software developers should take this episode as a wake-up call. Security-by-design should be a standard feature, not an optional upgrade. Password security, encrypted Bluetooth communication, verification of device ownership, and firmware updates could greatly reduce the risk of a third party gaining access.
What Next?
Industry experts expect battery makers to consider the security design of Bluetooth-enabled Battery Management Systems following increased public awareness.
Some makers may have firmware updates or may tell you to turn Bluetooth off when you don’t need it. Others may add password protection or better authentication protocols to future battery models.
Government agencies and cybersecurity bodies may also look at setting minimum security standards for connected electric vehicles and battery management systems sold in India.
Social media platforms could come under fresh pressure to crack down on videos that encourage people to interfere with vehicles or electronic devices without permission.
Drivers will also probably become more conscious of battery security and may turn to technical help to secure their systems against unauthorized Bluetooth access.
Conclusion
The BAT-BMS controversy is not just another internet viral prank. It points to a major cybersecurity vulnerability in India’s fast-growing electric vehicle ecosystem and shows how connected technology can be abused if security precautions are overlooked.
The trend has entertained millions online, but it has real-world consequences. E-rickshaw drivers depend on their vehicles to function smoothly and without any interruptions for their livelihood, and any unauthorized shutdown can lead to financial losses, inconvenience to passengers and legitimate safety concerns.
With India moving towards electric mobility, the cybersecurity has to evolve with innovation.” Manufacturers, software developers, regulators and consumers all have a role to play in ensuring that connected vehicles are not only efficient but also secure. The viral “Tirri Control” trend may one day disappear from social media, but the lessons it imparts about digital safety and responsible technology use are likely to remain relevant for years to come.


