The Growing Threat of Chinese Imports in Cyberattacks: A Detailed Examination

For over a decade, cybersecurity experts in both government and private sectors have raised alarms about the dangers posed by technology products manufactured in China. The United States’ heavy reliance on these devices has created vulnerabilities that the Chinese Communist Party (CCP) has exploited to undermine national security and strategic interests. From smartphones preloaded with malicious software to critical infrastructure components rigged for espionage, Chinese-made devices have been repeatedly leveraged in cyberattacks. This article explores the most significant instances of such exploitation, drawing on documented cases and expert warnings, to highlight the risks and the urgent need for action.

Malware in Government-Funded Phones: A Hidden Invasion

One of the most alarming examples of Chinese cyberattacks involved budget Android phones distributed through U.S. government programs. Beginning around 2015, phones from the American company BLU, produced in China, were found to contain preinstalled malware. According to cybersecurity firm Kryptowire, the malicious software originated from Shanghai Adups Technology Company, a Chinese IT services provider contracted by BLU to handle software updates. The malware was embedded at the core of the phones’ operating systems, including in wireless update and settings apps, making it impossible to remove without disabling the device entirely.

This malware collected extensive personal data from users, including precise location information, contact lists, call and text logs, and even the full contents of text messages. In some cases, it allowed remote actors—suspected to be based in China—to take screenshots or assume control of the devices. Kryptowire’s findings revealed that the data was encrypted and transmitted to a server in China, where, as the article notes, “Chinese Communist Party law mandates that information is a national resource, effectively transferring Americans’ most personal data directly to the regime.”

The scale of this breach was staggering. Adups claimed in 2016 to have over 700 million active users worldwide, with its firmware integrated into not only phones but also semiconductors, wearable devices, cars, and televisions. The malware evaded detection for years because it was embedded in the phones’ foundational software, which most antivirus tools automatically trusted. As the article explains, “The malign activity was able to bypass detection for some time because the malware was embedded in the software of the phone and therefore automatically whitelisted by most malware detection tools.”

The issue resurfaced in 2020 when Malwarebytes discovered similar Adups malware on phones distributed through Virgin Mobile’s Assurance Wireless program, another government-subsidized effort to provide affordable phones to low-income Americans. In 2017, the Federal Trade Commission settled with BLU, finding that the company had misled customers about the extent of data collection by Adups. These incidents highlight how even well-intentioned programs can become vectors for espionage when reliant on Chinese-made technology.

Mystery Routers in U.S. Ports: A Threat to Critical Infrastructure

In 2024, a congressional investigation uncovered another disturbing case: Chinese-made routers and modems embedded in critical infrastructure at U.S. ports. The report focused on giant ship-to-shore cranes, manufactured by Shanghai Zhenhua Heavy Industries (Zhenhua), a subsidiary of the state-owned China Communications Construction Co. These cranes, used to unload cargo at major U.S. ports, were equipped with Chinese-manufactured modems that had no documented purpose. As the article states, “Investigators warned that the technology embedded in the devices could allow unauthorized access to sensitive U.S. port operations and that some of the modems were also found to have active connections to the operational components of the cranes, suggesting they could be remotely controlled.”

The proximity of Zhenhua’s manufacturing facility to China’s advanced shipbuilding and intelligence operations raised further concerns. The article notes, “U.S. lawmakers noted at the time that Zhenhua’s manufacturing facility was located adjacent to China’s most advanced ship-making facility, where the regime builds its aircraft carriers and houses advanced intelligence capabilities.” In a letter dated February 29, 2024, lawmakers demanded answers from Zhenhua’s leadership about the purpose of these modems, some of which were found in a U.S. seaport’s server room housing critical networking equipment.

The scope of the problem is significant. Rear Adm. John Vann of the U.S. Coast Guard’s Cyber Command reported that over 200 Chinese-manufactured cranes operate across U.S. ports, with fewer than half inspected for such devices. This vulnerability could enable espionage or sabotage, threatening the supply chain and national security.

Exploiting Routers and Cameras: Widespread Vulnerabilities

Chinese-made network devices, such as routers and security cameras, have also been prime targets for cyberattacks. The Cybersecurity and Infrastructure Security Agency (CISA) has documented how these devices, often produced by Chinese firms like Dahua Technology, are exploited to gain unauthorized access to U.S. networks. In 2016, Dahua’s surveillance equipment was linked to a distributed denial-of-service (DDoS) attack that overwhelmed targeted systems. In 2021, security researchers identified a flaw in Dahua’s software that allowed hackers to bypass authentication and take control of over a million devices. As the article describes, “In that incident, more than a million devices were exploited and used to create two botnets, which were then used to target the website of a cybersecurity journalist in a DDoS and extortion campaign.”

These vulnerabilities persist. In February 2025, the Department of Homeland Security issued a bulletin warning that Chinese-made cameras, widely used in U.S. infrastructure like the electrical grid and ports, remained susceptible to exploitation. The bulletin noted, “[China]-manufactured, internet-connected cameras and devices could serve as additional vectors for cyber actors to gain and maintain stealthy, persistent access to US critical infrastructure.” Alarmingly, some cameras used by an American oil and gas firm were found communicating with a server in China believed to be linked to the CCP.

The problem is exacerbated by “white-labeling,” where Chinese-made components are rebranded and sold under different company names, obscuring their origins. The article highlights that “the number of China-made cameras installed in U.S. networks was believed to have grown by 40 percent between 2023 and 2024, despite a ban on related products by the Federal Communications Commission.” This practice makes it difficult for consumers and businesses to identify risky devices.

A Strategic Threat: Preparing for Conflict

The repeated exploitation of Chinese-made devices points to a broader strategy by the CCP. CISA warned in 2024 that Chinese state-sponsored actors are prepositioning malware in U.S. systems to prepare for potential conflict. The advisory stated, “[Chinese] state-sponsored cyber actors are seeking to pre-position themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States.” Such attacks could “jeopardize the physical safety of Americans and impede military readiness.”

This threat is amplified by U.S. dependence on Chinese technology. From consumer devices to critical infrastructure components, the prevalence of these products creates numerous entry points for cyberattacks. Experts warn that this reliance could be exploited in a crisis, such as a conflict over Taiwan, to disrupt U.S. operations.

Economic Tensions and Cyber Retaliation

The risks are not limited to espionage or sabotage. Recent trade tensions, including tariffs imposed by the U.S. on Chinese goods, have raised concerns about retaliatory cyberattacks. Cybersecurity advisor Tom Kellermann noted, “Trade wars were a historical instrument of soft power. Cyber is and will be the modern instrument of choice.” Groups like Salt Typhoon and Volt Typhoon, believed to be Chinese state-backed, have already infiltrated U.S. infrastructure, positioning themselves for more significant attacks. Annie Fixler of the Foundation for Defense of Democracies added that China may be holding back its full capabilities in anticipation of a larger geopolitical crisis.

The Path Forward: Reducing Reliance

The growing catalog of cyberattacks exploiting Chinese-made devices underscores the need for the U.S. to reduce its dependence on these products. While not every Chinese device is malicious, the pattern of exploitation demands vigilance. Strengthening domestic manufacturing, enforcing stricter import regulations, and raising public awareness about the risks are critical steps. As the article concludes, “The increasing reliance on Chinese-manufactured components in public and private systems is a major threat to the United States’ national security that will likely only be overcome by increasing domestic development of critical technologies and related infrastructure.”

By addressing these vulnerabilities, the U.S. can better protect its citizens and infrastructure from the evolving cyber threats posed by Chinese imports. The stakes are high, and the time to act is now.