Quectel response to FCC about IoT module security
7.9.2023 16:03:00 EEST | Business Wire | Press release
Quectel Wireless Solutions, a global IoT solutions provider, today commented on the recent letter and response being published by the FCC and the Select Committee of the US Congress questioning if Quectel’s IoT modules represent a potential security risk.
“We welcome the opportunity to work with the FCC and other U.S. government entities to demonstrate our compliance and best practice device security approach, says Norbert Muhrer, President and CSO, Quectel Wireless Solutions. “We are committed to contributing to the advancement of a smarter world by delivering best-in-class and secure products. This commitment is evidenced by our extensive device OEM customer base and our constant focus on providing our customers with the best and most secure modules in the industry.”
The Select Committee to the US Congress’ letter to the FCC had several misconceptions about how Quectel modules work. Quectel’s clarification regarding the statements made in the letter is as follows.
Committee letter: “Connectivity modules are typically controlled remotely and are the necessary link between the device and the internet.”
Quectel’s U.S. customers or their customers’ third-party suppliers/service providers handle device and data management exclusively. Firmware updates are managed and controlled by the device original equipment manufacturer (OEM), not Quectel.
Committee letter: “Serving as the link between the device and the internet, these modules have the capacity both to brick the device and to access the data flowing from the device to the web server that runs each device”
The control of Quectel modules resides with the microcontroller unit (MCU) or central processing unit (CPU) embedded within the customer's device. Quectel itself does not possess any control; instead, this authority rests solely with the OEM – the entity responsible for developing the device. Remote management of the device is achievable solely through the OEM's device management platform. A notable instance of this, referred to in the letter, is the widely covered case involving John Deere agricultural equipment, where just the OEM typically can disable the equipment by accessing and shutting down its own MCU’s controlling the machine.
Committee letter: “As a result, if the CCP can control the module, it may be able to effectively exfiltrate data or shut down the IoT device.”
Once Quectel modules leave the factory and are delivered to its customers, Quectel customers own the data, and Quectel has no access to any of the data collected. The ownership, control, storage, and modification of the data generated by IoT devices within the market firmly rest with the OEM device makers and its customers. Even in the rare cases outside of the U.S. where Quectel resells the connectivity service of a wireless carrier, Quectel does not have access to the device data.
Committee letter: “This raises particularly grave concerns in the context of critical infrastructure and any type of sensitive data.”
Applications that require high security, such as critical infrastructure, typically use private access point names (APNs) and other methods which strictly control and monitor network access. This can be used to control and monitor any data flowing to and from the device. Critical infrastructure is meticulously fashioned with a multi-tiered security approach defined and implemented solely by the device OEM, not Quectel.
The cellular industry is heavily regulated and requires intensive testing and accreditation. Carrier and regulatory certifications are executed by trusted third-party labs and carrier labs, assuring that the module complies with strict technical requirements. The Quectel modules have obtained certifications from the FCC, PCS Type Certification Review Board (PTCRB) and major carriers throughout the world, which underlines Quectel’s commitment to meeting rigorous industry standards.
In addition to cellular modules, Quectel also provides Wi-Fi, Bluetooth and GNSS modules and antennas. As a GSMA member, Quectel and its carrier partners comply with all cellular industry regulations and applicable standards to ensure that end customer data is securely transmitted between customer device and mobile network operator. Quectel does not have access to ANY of the device data.
Quectel is committed to delivering high-quality, best-in-class, secure modules and go above and beyond industry standard practices by conducting independent third-party cyber security audits. More recently Quectel also retained the security firm Finite State, which is auditing and penetration testing the security of its modules through rigorous security testing, improved software supply chain visibility, and comprehensive software risk management. Quectel is also participating in the formulation of new industry security certification standards, such as the CTIA Cybersecurity Certification Working Group and pursuing additional cyber security certifications from various U.S. entities as new standards are formulated and adopted.
Qualcomm manufactures the chipsets and software platforms that are at the core of the Quectel modules. “Our Qualcomm partnership underlines the importance we place on working with well-trusted and secure partners from across the ecosystem to deliver high-quality solutions globally,” Mr. Muhrer continues. “Quectel's impact on the global IoT industry is profound. We supplied millions of cellular modules to support the distribution of Covid-19 vaccines for leading U.S. and global organizations including Pfizer, Johnson & Johnson, and other leading suppliers of vaccines. This underscores our commitment to playing a pivotal role in critical global initiatives.”
About Quectel
Quectel’s passion for a smarter world drives us to accelerate IoT innovation. A highly customer-centric organization, we are a global IoT solutions provider backed by outstanding support and services. Our growing global team of 5,900 professionals sets the pace for innovation in cellular, GNSS, Wi-Fi and Bluetooth modules as well as antennas and services.
With regional offices and support across the globe, our international leadership is devoted to advancing IoT and helping build a smarter world.
For more information, please visit: www.quectel.com, LinkedIn, Facebook, and X (formerly known as Twitter).
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20230907525548/en/
Contact information
Media contact: media@quectel.com
About Business Wire
For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Kioxia and Sandisk Begin Production of 10th-Generation 3D Flash Memory Products at Kitakami Plant Fab23.7.2026 13:19:00 EEST | Press release
Kioxia Corporation, a subsidiary of Kioxia Holdings Corporation (TOKYO: 285A) and Sandisk Corporation (Nasdaq: SNDK) today announced the start of production for their 10th-generation 3D Flash memory technology at Fab2 (K2) at the Kitakami Plant in Iwate Prefecture in Japan. The milestone comes as the companies continue to drive meaningful, multi-year bit growth to address the strong demand for their innovative flash memory technology. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260702296115/en/ Unveiling ceremony for the K2 facility In conjunction with the start of production, the companies held an unveiling ceremony for the K2 facility. Opening in September 2025, the facility has produced the companies’ 8th-generation 3D flash memory products and will begin to scale production with the introduction of their 10th-generation products. Both generations of 3D flash memory adopt innovative CBA (CMOS directly Bonded to Array)
VeriSilicon Introduces CPP2000 Camera Post-Processing IP for Embodied Robotics and Mobile Vision Applications3.7.2026 13:02:00 EEST | Press release
VeriSilicon (688521.SH) today announced its high-performance CPP2000 Camera Post-Processing (CPP) IP, expanding the company’s Image Signal Processing (ISP) solutions with advanced post-processing capabilities. By improving image quality and visual perception in mobile imaging scenarios, CPP2000 enables more reliable vision performance in robotics, drones, and other mobile vision applications. CPP2000 integrates multiple image processing technologies and can further optimize YUV images output from image signal processors. The IP supports image and video processing at up to 8K resolution and offers multiple hardware configuration options to meet diverse requirements in Power, Performance, Area (PPA), and latency across different applications. CPP2000 leverages the combined operation of multiple image processing technologies, including motion-compensated temporal filtering, advanced spatial noise reduction, chroma adjustment and dynamic contrast improvement, and edge enhancement. Together
Messer Acquires Singapore-Based Industrial Gas Platform; Japan Corporate Advisory Institute Advises Sellers3.7.2026 12:11:00 EEST | Press release
Messer, the world’s largest privately held specialist for industrial, medical, electronic and specialty gases, has acquired WKS Group, a Singapore-based industrial gas platform with operations across Singapore and southern Malaysia. Transaction terms were not disclosed. Messer reported consolidated sales of approximately EUR 4.5 billion for its 2025 financial year. Founded in Singapore in 1977, WKS Group comprises six companies and employs approximately 195 people across Singapore and southern Malaysia. The acquisition expands Messer’s operating footprint in Southeast Asia and strengthens its access to key industrial clusters across the region. “We are pleased to have completed this transaction with Messer, whose strategic vision makes them an excellent partner for WKS Group,” said Mr. Wong Koh Hoi, shareholder of WKS Group. “We appreciate JCAI’s professionalism and dedication throughout the process, and their expertise was instrumental in achieving a successful outcome.” Japan Corpora
Access Advance Welcomes Meta Platforms, Inc. and Alibaba Group to the Video Distribution Patent Pool3.7.2026 02:00:00 EEST | Press release
Access Advance LLC today announced that Meta Platforms, Inc., one of the world's largest distributors of video content across its Facebook, Instagram, Threads, and WhatsApp services, has joined the Video Distribution Patent Pool (VDP Pool) as a Licensee. Meta also joined both the HEVC Advance and VVC Advance pools as a Licensee. Alibaba Group, whose video infrastructure spans a wide range of video-based services across e-commerce, entertainment, and digital media platforms, was also announced as a VDP Pool Licensee this week. Meta and Alibaba joining the VDP Pool further reinforces the program’s market leading position in resolving the licensing issues around the use of modern video codecs, including VP9, AV1, HEVC and VVC, across all the diverse business models of internet video streaming. "A significant U.S.-based company like Meta joining as a Licensee is a milestone moment for the content distribution business and the VDP Pool," said Peter Moller, CEO of Access Advance. "Meta reach
Kioxia Commences Sample Shipments of 10th-Generation BiCS FLASH™ Devices Delivering High Performance, High Capacity and Low Power Consumption3.7.2026 02:00:00 EEST | Press release
Kioxia Corporation, a world leader in memory solutions, today announced that it has commenced sample shipments of 1Tb (terabit) Triple-Level-Cell (TLC) memory devices utilizing its 10th-generation BiCS FLASH™ 3D flash memory technology.1 These will be primarily integrated into the company’s enterprise and data center SSDs, strengthening Kioxia’s lineup to meet the growing demand for AI storage, which requires higher performance, higher capacity, and lower power consumption. These new products will be manufactured using state-of-the-art equipment at Kioxia’s Kitakami Plant Fab2 facility in Iwate Prefecture, Japan. By leveraging innovative CMOS directly Bonded to Array (CBA) technology2 and On-Pitch Select Gate Drain (OPS) technology,3 both adopted since the 8th-generation BiCS FLASH™, the 10th-generation technology achieves a NAND interface speed of 4.8 Gb/s,4 a 33% improvement over the 8th generation. Bit density has increased by 59% by stacking 332 layers and improving lateral density
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom
