The Internet of Things (IoT)includes devices that collect data, communicate with each other, send data to back-end systems, and act on the information collected through intelligent apps. Its application is increasingly ubiquitous as more homes, industries, and cities become "smart", including mobile-controlled light bulbs, thermostats, smart security systems, medical monitoring devices, watches and other wearable devices, or equipment and control systems in smart industries and smart cities. It comes after "at least one" hidden Chinese IoT module "capable of transmitting location data" was reportedly found during a sweep of the UK’s government and diplomatic cars. Having sent the report to the UK government, British diplomat Charles Patron urged countries to wake up to the threat. "We are not yet awake to this threat. China has spotted an opportunity to dominate this market, and if it does so, it can harvest an awful lot of data and make foreign countries dependent on them", he told The Telegraph. 

British parliamentarians also called for tighter rules around public procurement. The government "took too long" to strip Huawei, a Chinese telecommunications giant, from the UK’s 5G network, Alicia Kearns, Chair of the Foreign Affairs Committee, said on January 11th during the second reading of the Procurement Bill, adding that there are "tens of examples" of other Chinese products in the UK’s public supply chain, such as DJI drones, Hytera body cameras, and Hikvision cameras. She also warned that Chinese-made cellular internet of things (IoT) nodes, commonly known as SIM cards, installed in cars could give China the ability to pinpoint secure sites or to find out "where our Prime Minister is travelling to". Kearns told MPs that the three Chinese companies, Quectel, Fibocom, and China Mobile, which together make half of the world’s cellular IoT modules, "cannot be trusted".

Economic and Security Risks

The Patron report, written for Washington-based consultancy OODA, states that using Chinese IoT modules in critical national infrastructure and key industries could enable more espionage and theft of intellectual property, allow "detailed surveillance in smart cities", or allow bad actors to sabotage the systems. To find out about weapons manufacturing in the United States, the Chinese intelligence services may be able to "build up a worryingly accurate picture of how many spare parts or weapons systems have been transported, and to where" by using data harvested by IoT modules embedded in the supply chains and logistics system, he said in one example of the potential risks.

On an individual level, China could collate data harvested from a wide range of sources, including government systems and individuals’ interactions with IoT devices, such as car computers, domestic appliances, or wearable devices, and use artificial intelligence to find out their identities, habits, contacts, and finances, making it easier to target key government workers or dissidents. In his recommendations, Parton said countries should take steps to ban Chinese IoT modules from their supply chains as soon as possible, including a thorough audit of where these modules are embedded in government properties and services and critical national infrastructure, a ban on buying new Chinese IoT modules by the end of this year, and a deadline to replace existing products, possibly by the end of 2025.