The Indian government has removed three mobile applications—BAT-BMS, Lossigy, and Epoch-i-ion—after reports that they were being used to remotely disable e-rickshaws via Bluetooth. The "Tirri Control" prank involved individuals cutting power to vehicles mid-ride, highlighting critical cybersecurity flaws in low-cost, unsecured battery management systems commonly used in electric rickshaws.
Authorities have acted to pull three smartphone applications from app stores following a surge in viral videos showing e-rickshaws being remotely shut down.
The Indian government has ordered the removal of three mobile applications—identified as BAT-BMS, Lossigy, and Epoch-i-ion—after reports surfaced that they were being exploited to remotely disable battery-operated e-rickshaws. IT Secretary S. Krishnan confirmed the action on Friday, July 3, 2026, noting that the applications came to the government's attention following a wave of viral social media posts depicting the hazardous "Tirri Control" prank.
The Security Vulnerability
The issue stems from a critical security flaw in the low-cost Battery Management Systems (BMS) used in many budget e-rickshaws. These systems, often manufactured in China, are designed to communicate with smartphone applications via Bluetooth to monitor parameters like voltage and temperature. However, many of these units lack basic password protection or authentication protocols.
This technical oversight allows any user within a 10-to-15-meter radius to connect to the vehicle's battery via the now-removed applications. Once connected, a user can access a "discharge switch" intended for maintenance purposes, which, when toggled off, instantly cuts power to the motor. The result is a sudden and total loss of power, leaving drivers stranded in the middle of traffic.
Impact of the 'Tirri Control' Trend
The trend, colloquially termed "Tirri Control" by social media users, saw individuals recording themselves approaching unsuspecting e-rickshaw drivers, disabling their vehicles, and leaving them bewildered. Beyond the inconvenience, the practice has sparked significant safety concerns. Cyber law experts have warned that unauthorized access to a vehicle’s computer system constitutes a serious offense under the Information Technology Act, 2000, as it poses a direct threat to public road safety.
In response to the viral clips, the Delhi government directed its transport department to verify the authenticity of these claims. Transport Minister Pankaj Singh confirmed that officials were examining the matter to assess the extent of the security risk to the city’s growing electric vehicle (EV) fleet.
Official Sources
Ministry of Electronics and Information Technology (MeitY): IT Secretary S. Krishnan confirmed the removal of the applications and emphasized the need for greater scrutiny by app stores.
Delhi Transport Department: Directed by Transport Minister Pankaj Singh to investigate the vulnerability and the technical impact on e-rickshaws.
Government Sources: Reported by PTI, these sources identified the specific apps targeted for removal: BAT-BMS, Lossigy, and Epoch-i-ion.
Why It Matters
The incident highlights a broader cybersecurity gap in the burgeoning electric vehicle market. As India pushes for a transition to e-mobility, the reliance on unverified, low-cost hardware poses a challenge to consumer safety. The removal of these apps serves as a temporary fix, but experts urge manufacturers to mandate password protection on all Bluetooth-enabled battery systems to prevent future exploitation.
Key Facts at a Glance
Apps Removed: BAT-BMS, Lossigy, and Epoch-i-ion were ordered to be taken down from app stores.
Method of Exploitation: The apps connect via Bluetooth to unsecured battery management systems, allowing users to cut power to the motor.
Safety Risk: Sudden power loss in moving vehicles in high-traffic areas poses a significant danger to drivers, passengers, and pedestrians.
Legal Consequences: Unauthorized access to vehicle systems may violate Sections 43 and 66 of the Information Technology Act, 2000.
FAQ
Can any e-rickshaw be remotely shut down?
No, the vulnerability is limited to e-rickshaws using specific Bluetooth-enabled lithium battery management systems that lack password authentication.
Why did these apps have a "disable" function?
The discharge switch is a standard feature intended for mechanics to safely cut power during maintenance or repairs, not for remote vehicle operation.
How can I protect my e-rickshaw?
If your battery management system supports it, ensure a password is set for Bluetooth connectivity or disable the Bluetooth feature when not in use.
Are these apps still available?
The government has ordered their removal from major app stores; users are advised against downloading third-party tools that connect to vehicle hardware without proper authorization.
Source: India IPO, NDTV, Times of India