April 15, 2026 | Memo
The Risks of Chinese-Produced Cellular Modules
When a doorbell, refrigerator, or thermostat in the United States is connected to the internet, it may already be sending data to the Chinese government. These “smart” devices rely on a component known as a cellular module to connect to the internet over cellular networks. Two Chinese firms, Quectel and Fibocom, already control nearly half the global market for cellular modules. Congressional investigations and independent reporting suggest their units may pose a national security threat.1
Not just America’s homes, but also its power grids, ports, hospitals, transportation networks, and ship-to-shore cranes increasingly rely on cellular modules. In theory, these modules can shut down their host devices in addition to collecting massive amounts of data. This is possible because manufacturers of cellular modules maintain remote access to the devices to provide software and firmware updates “over the air.”2 If Beijing consolidated control of U.S.-based modules, it could disrupt an American military mobilization in response to Chinese efforts to coerce Taiwan. Or, amid a crisis, Beijing could hold Washington hostage by threatening to cause massive economic disruption.
Dispensing with cellular modules is not an option. They are essential to automation and will be critical to integrating artificial intelligence (AI) into real-world environments, bridging the gap between frontier models and the factory floor. The challenge ahead for the United States is how to stop and reverse the proliferation of Chinese cellular modules. These risks are, so far, hypothetical, but their cumulative effects could be catastrophic.
Cellular Modules May Pose a Potent Cybersecurity Risk
With an estimated 30.9 billion devices currently deployed worldwide, cellular modules are, in effect, the backbone of the Internet of Things (IoT), an architecture that fuses disparate devices, such as drones, security cameras, port cranes, and manufacturing tools, into centralized hubs to enable greater automation.3 At U.S. ports, connected and remotely controlled devices accelerate offloading.4 American power grids use networked equipment to assist in load management.5 Hospitals need cellular modules to streamline access to electronic medical records.6 Farms use connected devices to guide smart tractors.7 The private-sector logistics industry has embedded cellular modules across much of its supply chain for asset tracking, management, and fleet communication. Transportation systems rely on cellular modules in traffic monitoring, connected vehicles, and the systems necessary for military mobility.8 As firms pivot toward physical AI or combine AI with preexisting IoT infrastructure, particularly within fields such as advanced manufacturing, the cellular module market will continue to expand.9
Cellular modules’ access to internet traffic creates a substantial surveillance risk. The modules are essential components of certain router systems, which use them to connect a Wi-Fi router to a 4G or 5G network as a form of redundancy when Wi-Fi is unavailable. Such products have become increasingly common across IoT infrastructure, particularly in industrial systems.10 However, this feature may exacerbate security concerns since Chinese national security law allows Beijing to access firms’ data to assist in state surveillance efforts.11 Thus, China could theoretically gain access to a broad swath of Americans’ information while positioning Beijing along key connectivity nodes that could be used to track specific individuals or identify broad patterns.12
Cellular modules are also positioned to deliver malware across the American economy. Along with importing the physical modules, American firms are also importing the proprietary software the devices run, creating the potential for them to deliver un-auditable code or malware deep into sensitive systems. This includes systems that regulate maintenance schedules, thermal management systems, and other critical processes.13
A more sophisticated attack could immobilize connected devices. American manufacturer John Deere revealed this type of vulnerability when it used the cellular modules in its smart tractors and other farming equipment to immobilize them after they were stolen by Russian forces in Ukraine seeking to ship them eastward.14 This type of risk remains most prevalent within U.S. port infrastructure, with Department of Defense (DOD) officials expressing concern that Chinese cellular modules embedded in Shanghai Zhenhua Heavy Industries Company (ZPMC) cranes may both facilitate surveillance and allow Beijing to paralyze them in the event of war.15
China’s State-Backed Campaign To Dominate the Global Cellular Module Market
Over the past two decades, Beijing has focused heavily on developing the components required to deploy its vision of the IoT both domestically and globally. As part of this effort, the Chinese Ministry of Industry and Information Technology (MIIT) designated IoT modules as a “strategic high ground” (“战略制高点之”), while the State Council identified IoT as a key emerging industry in its 12th Five-Year Plan for Strategic New Emerging Industries.16 Along with directing state resources to build up China’s cellular module sector, Beijing aims to develop a vast internal market for such technologies, having introduced a range of subsidies and trade-in programs for consumer electronics since the end of its “Zero-COVID” measures in late 2022.17
This support has allowed Chinese firms to win substantial market share. While still facing competition from a range of Western firms — particularly Telit Cinterion and Sierra Wireless (now part of Semtech) — Quectel and Fibocom together control nearly 45 percent of the market.
Quectel, in particular, achieved a dominant position through its aggressive lowball pricing strategy, with independent estimates suggesting that the firm sells at 15 to 20 percent below the cost of production.
Chinese firms have also purchased international competitors to bolster their hold on the market. In 2023, for example, Fibocom acquired Rolling Wireless, a European firm that developed IoT products for the automotive market, giving Beijing a greater share of Europe’s IoT market.18
Chinese Cellular Modules Pose Operational Risks to U.S. Military Mobility
Congressional investigations have alleged that Quectel is part of Beijing’s Military-Civil Fusion (MCF) strategy and reportedly tied to other MCF firms such as China Mobile and Huawei Technologies.19 Quectel also allegedly maintains connections to China’s BeiDou satellite navigation system, a core component of the PLA’s precision strike capability.20 As a result, the DOD designated Quectel as a “Chinese military company” to highlight their risk to U.S. supply chains, an action currently being contested by the firm.21
By exploiting the preexisting remote access that manufacturers maintain, Beijing may be in a position to disrupt a future U.S. military mobilization. Persistent monitoring could facilitate pattern-of-life analysis that Chinese intelligence might leverage to gain early indications of U.S. military movements. Beijing could also surreptitiously exploit cellular modules to collect data from cars, routers, sensors, and other devices to map sensitive locations across the United States, such as military facilities or oil and gas pipelines.
A 2024 congressional investigation warned that hundreds of ship-to-shore cranes produced by ZPMC installed in ports across the United States — including those used by the U.S. military — contained undisclosed cellular modules that China could use for espionage.22
In particular, China could theoretically gain insight into U.S. military operating practices, including potential access to real-time intelligence in the event of a regional military buildup. To some extent, the United States has mitigated the risk of surveillance from vehicle-mounted modules by imposing restrictions on internet-connected automotive systems produced by China.23 Yet this, at best, addresses one facet of the challenge.
Finally, the most critical risk associated with Chinese-produced cellular modules is their integration into the critical infrastructure essential to maintaining U.S. military mobility. Their presence opens an avenue for Beijing to sabotage U.S. forces long before they arrive at the fight. A less severe disruption might entail a “blinding” attack that limits owners’ capacity to connect to their devices or prevents connected devices from functioning properly.
Recommendations
While Chinese firms hold a dominant position in the global cellular module market, the United States and its allies and partners have strong competitors and notable buying power, allowing Washington to shape the market to favor U.S. national security. By exercising this leverage through a combination of procurement bans and trade sanctions, the United States can mitigate the risks associated with Chinese cellular modules, limit their proliferation across critical infrastructure systems, and offer a positive market signal to alternative suppliers. To that end:
- Congress should require the Department of Defense to audit its infrastructure to identify embedded Chinese cellular modules and report on associated mitigation measures. Given their ubiquity, it is highly likely that Chinese cellular modules are embedded within DOD assets and infrastructure, including systems critical to military mobility. The department should audit its systems to gain comprehensive situational awareness of possible vulnerabilities. Once identified, the department should notify Congress of ongoing and future mitigation measures, from “rip-and-replace” programs to cycling out legacy assets.
- Congress should ban the Department of Defense from procuring Chinese cellular modules. Congress should mandate that DOD rely on alternative suppliers that are not subject to the jurisdiction or direction of foreign adversaries. This ban should be phased in over the course of one year, allowing the department to identify alternative contractors.
- The Federal Communications Commission (FCC) should add Chinese cellular module manufacturers to its Covered List. While they are integrated into a range of consumer products, cellular modules are fundamentally communications devices that rely on the U.S. cellular network to provide connectivity. The FCC should ensure that Chinese firms with ties to Beijing are added to the Covered List, restricting the sale of their products in America.
Conclusion
Chinese cellular modules present a clear and present national security risk to the United States. They offer Beijing an avenue to amplify its espionage campaigns and potentially disrupt critical infrastructure that underpins both U.S. economic prosperity and military mobility. As Chinese firms aim to consolidate their hold over this critical market, the U.S. government has a limited window to safeguard defense-critical operations and promote secure supply chains by enacting procurement bans and limiting its adversary’s market access.
