On Wednesday (April 15), the Foundation for the Defense of Democracies (FDD), a non-partisan nonprofit research institution focused on US national security and foreign policy, released a detailed report highlighting the potential threat of the Chinese Communist Party (CCP) using smart home devices in the United States to collect data on Americans, which could in turn be used to disrupt US military and critical infrastructure.
The report suggests that whenever American smart devices are connected to the internet, data of American citizens could be quietly transmitted to the CCP. This is because these devices rely on components known as cellular modules to access the internet.
Currently, Chinese companies Quectel and Fibocom hold nearly half of the global market share. Both congressional investigations and independent reports in the United States have pointed out that these Chinese-manufactured modules pose a significant threat to national security.
The impact extends beyond private households, as the US power grid, ports, hospitals, transportation networks, and even container crane systems at ports all depend on these cellular modules for normal operation. In theory, device manufacturers could not only conduct software and hardware updates remotely through over-the-air (OTA) technology but also collect massive amounts of data and even remotely shut down the devices they are integrated into.
The report raises a serious hypothesis: in the event of a crisis in the Taiwan Strait, the CCP could potentially disrupt US military mobilization by controlling communication modules in the continental United States. Alternatively, during a crisis, the CCP could paralyze key US infrastructure to trigger widespread economic turmoil as a bargaining chip against Washington.
The report emphasizes that completely phasing out cellular modules in modern society is impractical, as they are an essential part of automation and key to implementing artificial intelligence in factories and everyday life. The pressing challenge facing the United States is how to prevent and reverse the spread of Chinese cellular modules across the country. While these risks currently remain theoretical, if left unchecked, the consequences could be catastrophic.
There are approximately 30.9 billion connected devices globally, with cellular modules serving as essential components for the Internet of Things (IoT). IoT integrates various devices such as drones, surveillance cameras, cranes, and factory machinery, connecting them to central systems to achieve higher levels of automation.
For example, US ports use cellular modules to expedite cargo unloading, power grids use them for power scheduling, hospitals use them to access electronic medical records, farms use them for smart agricultural navigation, private logistics companies use them to track and manage fleets and goods, and transportation systems rely on them for traffic monitoring, managing vehicle networks, and military maneuvering systems.
With the combination of AI technology and the IoT, this market is expected to continue expanding. However, cellular modules present significant surveillance risks as entry points for network traffic. Many industrial systems use 4G or 5G networks as backup solutions when Wi-Fi is disconnected, making such products increasingly common in IoT infrastructure.
This exacerbates cybersecurity vulnerabilities, as the CCP could compel companies to cooperate in intelligence activities under the National Security Law, or face severe penalties. Theoretically, the CCP could intercept vast amounts of information on American citizens and even track specific individuals and behavior patterns.
Furthermore, these modules could serve as potential channels for implanting malicious software (viruses, worms). When US companies import hardware modules, they may inadvertently introduce proprietary software, enabling unaudited code or viruses to infiltrate sensitive systems, disrupting maintenance schedules or cooling systems, and other critical processes.
More sophisticated attacks could even render devices completely inoperable. US agricultural equipment giant John Deere demonstrated this technology when the Russian military seized their smart agricultural machinery in Ukraine and transported it to the east, prompting the company to remotely lock the machines using the built-in communication modules.
The most prevalent risk lies in US port infrastructure. US Department of Defense officials expressed concerns that Chinese-made cellular modules embedded in Shanghai Zhenhua Heavy Industries (ZPMC) cranes could not only be used for surveillance by the CCP but also potentially halt US port operations in the event of a US-China conflict.
A congressional investigation in 2024 also warned that major US ports (including military ones) had deployed hundreds of ZPMC cranes fitted with undisclosed communication modules. This setup allows the CCP to monitor US military operations at any time, even providing real-time intelligence in the event of regional conflicts.
The report mentions that over the past two decades, the CCP has been dedicated to developing essential components for the IoT. China’s Ministry of Industry and Information Technology has classified IoT modules as a “strategic highland,” and the State Council has included them in the “Twelfth Five-Year Strategic Emerging Industries Plan.”
In addition to investing national resources to support companies, the CCP has created a huge domestic market to sustain industry development. Since the end of the COVID-19 zero-tolerance policy at the end of 2022, the CCP has introduced subsidies and “trade-in” programs for consumer electronics products.
With strong official support, Chinese companies have successfully captured the global market. Despite facing competition from Western majors, Quectel and Fibocom together maintain nearly 45% of the global market share. Quectel, through a “dumping” strategy, has defeated its competitors, with independent estimates suggesting that its products are sold at prices even lower than production costs by 15% to 20%.
Moreover, Chinese enterprises have expanded their footprint through acquisitions of foreign companies. For example, in 2023, Fibocom acquired the European company Rolling Wireless, specializing in automotive IoT, allowing the CCP to control more of the European IoT market.
A US congressional investigation revealed that Quectel not only participates in the CCP’s “civil-military integration strategy” but also has close ties with companies controlled or supported by the CCP, such as China Mobile and Huawei. Additionally, Quectel’s communication with the CCP’s touted BeiDou satellite navigation system is relevant, as the system is crucial for the PLA’s precision strike capabilities.
As a result, the US Department of Defense has placed Quectel on the list of “Chinese military companies” (an action that the company is currently disputing), highlighting its risk to US supply chains.
Furthermore, the CCP could advance its agenda through remote connections and analysis of American military schedules to gain advanced knowledge of troop movements. Moreover, the CCP could secretly utilize data from cars, routers, sensors, and other devices to pinpoint sensitive locations in the US, including military bases and oil and gas pipelines.
Although recent restrictions have been imposed on Chinese-manufactured vehicle networking systems in the US, these measures are insufficient. Chinese cellular modules have already permeated key infrastructure maintaining US military mobility, essentially providing a backdoor for the CCP to launch preemptive strikes and sabotage efforts that could temporarily blind the US military.
Despite Chinese dominance in the cellular module market, the United States and its allies still possess considerable purchasing power and access to reputable alternative suppliers. The US government should leverage this advantage by taking actions such as procurement bans and trade sanctions to exclude Chinese cellular modules from critical infrastructure.
The report puts forward three policy recommendations:
First, the Department of Defense should conduct a comprehensive review and propose replacement plans, implementing a “rip-and-replace” program or accelerating the retirement of existing equipment, and provide specific mitigation measures to Congress as US military assets and infrastructure may have already been compromised.
Second, the US Congress should legislate to prohibit the Department of Defense from procuring Chinese cellular communication modules. Congress should stipulate that the Department of Defense must switch to alternative suppliers not controlled by foreign hostile forces. This ban can be phased in, giving the military a year to find new contractors.
Third, the Federal Communications Commission (FCC) should blacklist Chinese cellular module manufacturers. Although cellular modules are integrated into various consumer products, they are essentially communication devices that rely on US telecommunications networks. The FCC should ensure that companies with ties to the CCP are listed under regulatory control, fully restricting the sale of these products in the US.
In conclusion, these Chinese products pose a “clear and immediate” national security crisis for the United States, as they not only facilitate CCP espionage activities but could also become a “time bomb” for undermining the US economy and critical military infrastructure. The US should take action now, before the CCP gains complete control of the market, by using procurement bans to limit the entry of nefarious actors and safeguard supply chains and national defense.