Ministers have been warned that China has the ability to spy on millions of people in the UK by “arming” microchips embedded in cars, household appliances and even light bulbs.
According to a report sent to the government by a former diplomat who advised Parliament on Beijing, “Trojan horse” technology poses a “widespread” threat to the UK’s national security.
The modules collect data and then transmit it over the 5G network, giving China the ability to monitor the movement of intelligence targets, including people, weapons and supplies, and the use of industrial espionage devices. Millions of them are already in use in the UK.
The report, released Monday by Washington-based consulting firm OODA, said the potential threat to national security outweighed the threat posed by Chinese components in cell phone masts that led to a government ban on Huawei products in mobile infrastructure.
“We are not yet aware of this threat”
The report says ministers have completely misunderstood the danger posed by the “ubiquitous presence” of modules known as cellular IoT – a concern echoed by senior MPs. It calls on ministers to take urgent action to ban Chinese-made mobile IoT from goods sold in the UK before it’s too late.
Charles Parton, the author of the report, said: “We have not yet realized this threat. China saw an opportunity to dominate this market, and if they do, they could collect a huge amount of data and also make other countries dependent on it.”
Mr. Parton has spent 22 years of his diplomatic career working in China, Taiwan and Hong Kong, advising the Ministry of Foreign Affairs and the EU on Chinese affairs, and was Special Adviser to the House of Commons Foreign Affairs Committee on China.
Cellular IoT – which stands for Internet of Things – are small modules used in everything from smart refrigerators to advanced weapons systems to monitor usage and send data back to the owner, and often the manufacturer, using 5G.
Earlier this month, it emerged that security services had dismantled the ministerial cars and found at least one of the devices hidden in another component. There were concerns that China had the ability to monitor the movements of everyone from the prime minister down through the modules.
But the problem extends far beyond ministerial cars, the report warns.
Three Chinese companies – Quectel, Fibocom and China Mobile – already have 54 percent. global device market and 75 percent. in terms of connectivity.
Like all Chinese companies, they must hand over data to the Chinese government if ordered to do so, meaning the Chinese Communist Party can access any number of devices.
The three Chinese companies’ customers include computer companies Dell, Lenovo, HP and Intel, carmaker Tesla and card payment company Sumup.
Huge espionage potential
Devices containing modules include: laptops; voice controlled smart speakers; smart watches; smart energy meters; refrigerators, light bulbs and other devices that can be controlled via the application; body-worn police cameras; doorbell cameras and security cameras; bank card payment machines, cars and even hot tubs.
The espionage potential is huge. Combined with artificial intelligence and machine learning to process massive amounts of data, the report suggests that China could, for example, monitor changes in U.S. arms sales to determine whether it sold arms to Taiwan.
It could also establish the identities and addresses of royal and diplomatic security officers, then monitor their cars during security checks to find out where ministers will be visiting.
China could also monitor targets’ movements via bank card payment terminals and even find out who they’re meeting with and when. The report also suggests that the data collected from mobile IoT could be used to identify potential intelligence sources by identifying who is handling sensitive information and then finding ways to bribe or blackmail them into spying for China.
Another concern is sabotage if China decides to attack the country’s infrastructure by disabling devices.
Even harmless applications like farm machinery that also use these devices could help the Chinese spot weak spots in Western supply chains, such as poor harvests of a particular crop, and then take market share by undercutting British suppliers, making the West increasingly dependent on Chinese exports.
Allowing China to build a monopoly on the production of devices – subsidized by the Chinese state to make them cheaper than Western competitors – would also make the West completely dependent on China for the supply of a strategically important component.
The report states: “Data generated by automated logistics, manufacturing and transportation systems … can be invaluable as a means of ensuring that the holder’s economic interests are superior to those of a competitor.”
He says the information gathered from mobile IoTs “corresponds to a form of data-driven insider knowledge.”
Countries ‘should ban Chinese modules’
The OODA report, which stands for Observe, Orientate, Decide, Act mantra used by fighter pilots, says many Western companies are making devices to mean China’s dominance is not a “lost cause”, partly because participation in the global market, the control of three companies covers a sizable domestic market in China.
“It’s time to wake up,” the report reads. “Free and open countries should remove Chinese IoT modules from their supply chains as soon as possible.”
It recommends a full audit of government property to replace devices if needed, and suggests that companies operating in sensitive areas such as defense have the work completed by the end of 2025.
The IoT, referred to in the report as the “central nervous system of the global economy”, is used in applications ranging from security, manufacturing and transportation to supply chains, agriculture and smart homes. The data collected by the devices can be used for everything from energy planning to traffic flow improvement or supply chain management, but it would also have almost limitless uses if it fell into the wrong hands.
The Internet of Things is an expression used to describe devices that connect and exchange data with other devices over the Internet. Cellular IoT devices, which typically measure less than 5 x 5 cm, are the component that makes devices “smart”, so a “smart” security camera uses C-IoT to connect to a mobile phone. They can also connect to each other, for example an electric car can “talk” to charging stations to find out which ones are in use.
In addition to communicating with other devices, they can send data back to manufacturers for quality control and to enable over-the-air updates to their software, but this presents a potential gateway for hostile states to collect data on who uses the devices.
“There are European alternatives”
Alicia Kearns MP, chair of the House of Commons Foreign Affairs Committee, said: “Because they are found in so many of our everyday items, the risk of someone being able to use them as a weapon is significant.
“You can track someone down and find out where, for example, the prime minister will be, and that would be very useful information for terrorists.
“We are not looking at it strategically. We need to realize that we need to focus on the elements of everyday products that reveal key data about the user, such as location, interests or things that can be used for blackmail.
“National security considerations were woefully inadequate when it came to industrial strategy. There are European alternatives to this. We have to withdraw them. I think there are a number of Huawei-like decisions that we haven’t made, and we need to put national security and strategic resilience at the center of everything we do as a country.”
Quectel, Fibocom and China Mobile were asked for comment.