China has the ability to spy on millions of people in Britain by “weaponising” microchips embedded in cars, domestic appliances and even light bulbs, ministers have been warned.
The “Trojan horse” technology poses a “wide-ranging” threat to UK national security, according to a report sent to the Government by a former diplomat who has advised Parliament on Beijing.
The modules collect data and then transmit it via the 5G network, giving China the opportunity to monitor the movements of intelligence targets including people, arms and supplies, and to use the devices for industrial espionage. Millions of them are already in use in the UK.
The report, published on Monday by the Washington-based consultancy OODA, says the potential threat to national security outstrips the threat from Chinese-made components in mobile phone masts which led to a Government ban on Huawei products being used in mobile infrastructure.
'We are not yet awake to this threat'
Ministers have completely failed to grasp the threat posed by the “pervasive presence” of the modules, known as cellular IoTs, the report says - a concern that has been echoed by senior MPs. It calls on ministers to take urgent action to ban Chinese-made cellular IoTs from goods sold in Britain before it is too late.
Charles Parton, the author of the report, said: “We are not yet awake to this threat. China has spotted an opportunity to dominate this market, and if it does so it can harvest an awful lot of data as well as making foreign countries dependent on them.”
Mr Parton spent 22 years of his diplomatic career working in or on China, Taiwan and Hong Kong, and has advised the Foreign Office and the EU on Chinese affairs, as well as being the Commons foreign affairs committee’s special adviser on China.
Cellular IoTs - which stands for Internet of Things - are small modules used in everything from smart fridges to advanced weapons systems to monitor usage and transmit data back to the owner, and often the manufacturer, using 5G.
Earlier this month it emerged that the security services had dismantled ministerial cars and found at least one of the devices hidden inside another component. There were fears that China had the capability of monitoring the movements of everyone from the prime minister downwards using the modules.
But the problem goes far beyond ministerial cars, the report warns.
Three Chinese companies - Quectel, Fibocom and China Mobile - already have 54 per cent of the global market in the devices, and 75 per cent by connectivity.
Like all Chinese firms, they must hand over data to the Chinese government if ordered to, meaning that the Chinese Communist Party can gain access to as many devices as it likes.
Customers of the three Chinese firms include the computing firms Dell, Lenovo, HP and Intel, car maker Tesla, and the card payments firm Sumup.
Vast spying potential
Among the devices that contain the modules are: laptop computers; voice-controlled smart speakers; smart watches; smart energy meters; fridges, light bulbs and other appliances that can be controlled through an app; body-worn police cameras; doorbell cameras and security cameras; bank card payment machines, cars and even hot tubs.
The potential for spying is vast. Coupled with artificial intelligence and machine learning to process huge quantities of data, the report suggests that China could, for example, monitor the movements of US weapons sales in order to work out if it was selling arms to Taiwan.
It could also work out the identities and addresses of royal and diplomatic protection officers, then monitor their cars during advance security sweeps to work out where ministers would be visiting.
China could also monitor the movements of targets via bank card payment terminals, and even work out who they were meeting, and when. The report also suggests data harvested from the cellular IoTs could be used to identify potential intelligence sources, by working out who handles sensitive information, then finding ways to bribe or blackmail them into spying for China.
Sabotage is another concern, if China decided to attack national infrastructure by disabling the devices.
Even such innocuous applications as agricultural machinery, which also use the devices, could help the Chinese to spot vulnerabilities in Western supply chains, such as poor harvests of a particular crop, then seize market share by undercutting British suppliers, making the West ever more dependent on Chinese exports.
Allowing China to build up a monopoly on manufacturing the devices - which are subsidised by the Chinese state to make them cheaper than Western competitors - would also make the West entirely dependent on China for supplies of a strategically important component.
The report says: “The data generated by automated logistics, manufacturing, and transport systems…could be invaluable as a means of ensuring that the holder’s economic interests prosper over those of a competitor.”
It says information gleaned from cellular IoTs “equates to a form of data-driven insider knowledge”.
Countries 'should ban Chinese modules'
The report by OODA, which stands for the Observe, Orientate, Decide, Act mantra used by fighter pilots, says the fact that many Western firms also make the devices mean China’s dominance is not “a lost cause”, partly because the global market share the three firms control includes the sizeable domestic market in China.
“It is time to wake up,” the report says. “Free and open countries should ban Chinese manufactured IoT modules from their supply chains as soon as possible.”
It recommends a complete audit of government property to replace the devices where necessary and suggests companies operating in sensitive areas, such as defence, should be told to carry out the work by the end of 2025.
The Internet of Things, described in the report as “the central nervous system of the global economy”, is used in applications ranging from security, manufacturing and transport to supply chains, agriculture and smart homes. The data gathered by devices can be used for everything from planning energy supply to improving traffic flow or supply chain management, but it would also have almost unlimited uses if it fell into the wrong hands.
The Internet of Things is a phrase used to describe devices that connect and exchange data with other devices over the internet. Cellular IoT devices, which typically measure less than 5x5cm, are the component that makes devices “smart”, so a “smart” security camera uses a C-IoT to connect to your mobile phone. They can also connect to each other, for example an electric car might “talk” to charging stations to find out which ones are in use.
As well as talking to other devices, they can send data back to manufacturers for quality control purposes and to enable over-the-air updates to their software, but this provides a potential gateway for hostile states to harvest data on people using the devices.
'There are European alternatives'
Alicia Kearns MP, chairman of the Commons foreign affairs select committee, said: “Because they are in so many of our mundane day-to-day objects, the risk, if someone was able to weaponise them, is significant.
“You could track someone, and work out where the prime minister is going to be, for example, and that would be very useful information for terrorists.
“We are not looking at this strategically. We need to recognise that we need to focus on components in everyday products that give away key data about the user, whether that be location, or interests, or things that could be used for blackmail.
“National security considerations have been woefully inadequate when it comes to industrial strategy. There are European alternatives to this. We need to phase them out. I think there are a series of Huawei-sized decisions that we haven’t made and we need to put national security and strategic resilience at the heart of everything we do as a country.”
Quectel, Fibocom and China Mobile have all been approached for comment.