Report: China Could Be Spying on You Through Your Smart Home Devices

Cellular modules manufactured by Chinese companies and embedded in smart home devices represent a significant national security risk to the United States, according to the Foundation for Defense of Democracies.

The Hill reports that the Foundation for Defense of Democracies (FDD) has released a report warning that two Chinese companies, Quectel and Fibocom, control nearly half of the global market for cellular modules, tiny components that enable smart home devices to connect to cellular networks. This market dominance creates potential espionage and sabotage risks that could have catastrophic consequences for American national security and infrastructure.

The report outlines how these modules are ubiquitous in American life. They are found in common smart household items such as doorbells, refrigerators, and thermostats, as well as in critical infrastructure including ports, hospitals, power grids, cranes, and transportation networks.

According to the report, the primary concern stems from the fact that manufacturers maintain remote access to these modules to provide firmware and software updates. This access theoretically allows the modules to collect large amounts of data and even shut down their host devices. Given China’s national security law, which permits the government to access firms’ data to aid surveillance efforts, Beijing could potentially access a significant portion of Americans’ information.

“If Beijing consolidated control of U.S.-based modules, it could disrupt an American military mobilization in response to a Chinese invasion of Taiwan. Or, amid a crisis, Beijing could hold Washington hostage by threatening to cause massive economic disruption,” the report states.

The authors emphasized that dispensing with cellular modules is not a viable option, as they are essential to automation and will be critical to integrating artificial intelligence into real-world environments. The modules serve as a necessary part of router systems that connect to 4G or 5G networks when Wi-Fi is unavailable.

“The first concern is that cellular modules embedded in Wi-Fi modems could have access to the information that’s passing through that modem, and then once they have that information, because cellular modules are connected back to the manufacturer in China, that information that is collected by that cellular module could then be accessed by the CCP,” one of the authors said in an interview.

While Quectel and Fibocom face competition from Western companies, they still control almost 45 percent of the market, according to the foundation’s findings. Previous congressional investigations have alleged that Quectel is part of China’s Military-Civil Fusion strategy and maintains links to China’s BeiDou satellite navigation system, which provides People’s Liberation Army messaging and high-accuracy positioning capabilities for precision-guided missiles. Due to these connections, the Pentagon has designated Quectel as a “Chinese military company” operating in the United States.

The report highlights particular concerns for military operations. “The concern is that, because the U.S. military relies on secure critical infrastructure, China’s hold over cellular modules might be used to either disable or sabotage these types of critical infrastructure systems that allow the U.S. to project military power abroad,” Burnham explained.

To address these risks, the report proposes three specific recommendations. First, Congress should compel the Pentagon to perform an audit of its infrastructure to track down potential embedded Chinese cellular modules. Second, Congress should ban the Pentagon from procuring Chinese cellular modules. Third, the FCC should place Chinese cellular module manufacturers on its Covered List, which would bar their authorization or sale in the United States.