The Foundation for Defense of Democracies recently came out with a report that warns of security concerns regarding two Chinese companies that are leaders in the cellular modules market (see Figure 1). Cellular modules are used by devices to wirelessly connect to cellular networks. When your doorbell or thermostat connects to the internet to let you know who’s at the door or when your pipes are in danger of freezing, it uses a cellular module to send that information when a wi-fi connection is not available. Cellular modules are also used in power grids, hospitals and transportation networks.
Even cellular modules that are extensively tested before placement can represent a risk. Cellular module firmware can be updated remotely after they have been placed in the field. It is theoretically possible for the supplier to divert or replicate information that the module is sending. Worse yet, the device could be disabled, potentially crippling power grids, transportation networks and shipping ports.
Figure 1: (Source: Liberty Bell Project Report, “Spies, Saboteurs, and Access to U.S. Connected Devices” July 14, 2025 – Written by Clete Johnson
It’s important that we trust these devices to keep the information that they are passing private. The information that they pass, in the wrong hands, could present serious risks. In August 2023, Representatives Mike Gallagher (R-WI) and Raja Krishnamoorthi (D-IL) of the House Select Committee on the Chinese Communist Party wrote a letter to then-Chairwoman of the Federal Communications Commission (FCC) Jessica Rosenworcel requesting information about the threat of Chinese IoT modules. The letter mentioned Quectel and Fibocom by name as being leading state sponsored Chinese cellular IoT industry leaders.
On January 4th, 2024, they wrote to Defense Secretary Lloyd Austin and Treasury Secretary Janet Yellen, outlining new information on Quectel Wireless Solutions’ problematic relationships with a civil-military fusion arm of the Chinese government and with blacklisted firms like Huawei, ZTE, and other Chinese military companies.
They wrote, “We have obtained information about Quectel that raises questions about whether Quectel may meet the legal requirements to be added to [the Department of Defense’s list of Chinese Military Companies (1260H list) and the Department of Treasury’s Non-SDN Chinese Military-Industrial Complex Companies List (NS-CMIC List)], and accordingly respectfully request to be briefed on this matter… Quectel [has] multiple affiliations with [the PRC’s Ministry of Industry and Information Technology].. [and] is a key supplier for numerous firms that the Department of Defense has already listed as Chinese military companies under 1260H.” Quectel was subsequently added to the 1260H list a year later.
SiliconExpert identifies sanctioned companies, alerting customers to any exposure that they may have to those companies, surfacing associated part numbers as well as which products that may contain those parts. We have identified an additional nine cellular module suppliers with active parts headquartered in China. We see an additional 43 such companies headquartered outside of China. SiliconExpert’s cross reference finder can quickly identify alternatives if any of these companies pose a risk to your supply chain.
See Where Supplier Risk Exists Across Your Components
SiliconExpert helps teams identify supplier exposure, affected parts, product impact, and viable alternatives across the BOM.
