A new analysis from the Foundation for Defense of Democracies (FDD) warns that Chinese-produced cellular modules, embedded across everything from smart home devices to critical infrastructure, present a growing national security concern as their global footprint expands. The report highlights that two Chinese firms, Quectel and Fibocom, already control nearly half of the global market, raising concerns that devices connected through these modules could transmit data back to Beijing. As cellular modules enable connectivity in systems ranging from power grids and ports to hospitals and transportation networks, their widespread deployment introduces potential surveillance and disruption risks across both civilian and industrial environments.
The analysis further underscores that these modules are not passive components but maintain remote access capabilities for software and firmware updates, creating a pathway for potential exploitation. This access could theoretically allow malicious actors to collect sensitive data, deliver unverified code into critical systems, or even disable connected devices during a crisis. The report warns that such capabilities could be leveraged to disrupt U.S. military mobility or critical infrastructure operations, particularly given the integration of these modules into logistics networks, industrial systems, and port infrastructure. While the risks remain largely hypothetical, the report argues that their cumulative impact could be severe if left unaddressed.
“Dispensing with cellular modules is not an option. They are essential to automation and will be critical to integrating artificial intelligence (AI) into real-world environments, bridging the gap between frontier models and the factory floor,” Mark Montgomery, FDD’s Center on Cyber and Technology Innovation senior director and senior fellow, and Jack Burnham, senior research analyst, wrote in the FDD analysis. “The challenge ahead for the United States is how to stop and reverse the proliferation of Chinese cellular modules. These risks are, so far, hypothetical, but their cumulative effects could be catastrophic.”
They identified that while Chinese firms hold a dominant position in the global cellular module market, the U.S. and its allies and partners have strong competitors and notable buying power, allowing Washington to shape the market to favor U.S. national security. By exercising this leverage through a combination of procurement bans and trade sanctions, the U.S. can mitigate the risks associated with Chinese cellular modules, limit their proliferation across critical infrastructure systems, and offer a positive market signal to alternative suppliers.
FDD identified that with an estimated 30.9 billion devices currently deployed worldwide, cellular modules are, in effect, the backbone of the IoT (Internet of Things) architecture that fuses disparate devices, such as drones, security cameras, port cranes, and manufacturing tools, into centralized hubs to enable greater automation.
“At U.S. ports, connected and remotely controlled devices accelerate offloading. American power grids use networked equipment to assist in load management. Hospitals need cellular modules to streamline access to electronic medical records. Farms use connected devices to guide smart tractors,” according to the analysis. “The private-sector logistics industry has embedded cellular modules across much of its supply chain for asset tracking, management, and fleet communication.”
It added that transportation systems rely on cellular modules in traffic monitoring, connected vehicles, and the systems necessary for military mobility. “As firms pivot toward physical AI or combine AI with preexisting IoT infrastructure, particularly within fields such as advanced manufacturing, the cellular module market will continue to expand.”
Montgomery and Burnham recognize that cellular modules’ access to internet traffic creates a substantial surveillance risk. “The modules are essential components of certain router systems, which use them to connect a Wi-Fi router to a 4G or 5G network as a form of redundancy when Wi-Fi is unavailable. Such products have become increasingly common across IoT infrastructure, particularly in industrial systems.”
“However, this feature may exacerbate security concerns since the Chinese national security law allows Beijing to access firms’ data to assist in state surveillance efforts,” they added. “Thus, China could theoretically gain access to a broad swath of Americans’ information while positioning Beijing along key connectivity nodes that could be used to track specific individuals or identify broad patterns.”
The analysis noted that cellular modules are also positioned to deliver malware across the American economy. “Along with importing the physical modules, American firms are also importing the proprietary software the devices run, creating the potential for them to deliver un-auditable code or malware deep into sensitive systems. This includes systems that regulate maintenance schedules, thermal management systems, and other critical processes.”
A more sophisticated attack could immobilize connected devices. American manufacturer John Deere revealed this type of vulnerability when it used the cellular modules in its smart tractors and other farming equipment to immobilize them after they were stolen by Russian forces in Ukraine seeking to ship them eastward. This type of risk remains most prevalent within U.S. port infrastructure, with Department of Defense (DOD) officials expressing concern that Chinese cellular modules embedded in Shanghai Zhenhua Heavy Industries Company (ZPMC) cranes may facilitate surveillance and allow Beijing to paralyze them in the event of war.
To that end, the FDD analysis calls for a more assertive policy response to mitigate the risks tied to Chinese cellular modules embedded across U.S. systems.
It urges Congress to require the DOD to conduct a comprehensive audit of its infrastructure to identify where Chinese cellular modules are embedded and to report on mitigation measures. Given how widely these components are deployed, the analysis argues it is highly likely they are already present across DOD assets, including systems critical to military mobility. Gaining full situational awareness is the first step, followed by clear reporting to Congress on remediation efforts, which could range from targeted ‘rip-and-replace’ programs to the phased retirement of legacy systems.
The report also recommends that Congress prohibit the DOD from procuring Chinese cellular modules altogether. It calls for a shift toward alternative suppliers that are not subject to the jurisdiction or influence of foreign adversaries, with a proposed one-year phase-in period to allow the department to identify and transition to trusted vendors.
In parallel, the analysis presses the Federal Communications Commission (FCC) to add Chinese cellular module manufacturers to its Covered List. Although these modules are often embedded in consumer and industrial products, they function as core communications components that rely on U.S. cellular networks. Restricting their sale, the report argues, would reduce systemic exposure to vendors with ties to Beijing and limit their presence across critical infrastructure and connected environments.
In conclusion, Montgomery and Burnham said that Chinese cellular modules present a clear and present national security risk to the U.S. “They offer Beijing an avenue to amplify its espionage campaigns and potentially disrupt critical infrastructure that underpins both U.S. economic prosperity and military mobility. As Chinese firms aim to consolidate their hold over this critical market, the U.S. government has a limited window to safeguard defense-critical operations and promote secure supply chains by enacting procurement bans and limiting its adversary’s market access.”
