Cellebrite, the Israeli firm responsible for one of the world’s most famous iPhone hacking tools, has acquired Corellium, the company best known for creating virtual iPhones used in security research. This is huge news.
Apple once tried to shut Corellium down
Today’s $200 million deal brings together two powerful (and controversial) forces in the mobile forensics world, and is likely to make Apple’s challenge of locking down iOS even harder.
Corellium’s platform has long been used by white-hat hackers and researchers to test iOS exploits without needing physical hardware. It was so effective that Apple once sued to shut it down, arguing that virtualizing iOS posed a security risk and copyright infringement.
In 2020, the lawsuit failed after the court ruled that Corellium’s use of iOS constituted fair use. Apple later appealed, and lost again before confidentially settling the dispute.
Mirror, mirror
Now, Corellium’s capabilities are going straight into the hands of Cellebrite, whose extraction tools are already used by police agencies around the world, including ICE.
The combined company says it’s working on a new product called Mirror, which Forbe says will:
“Enable police to make a virtual version of a seized device and all the data that’s on it. Wade thinks it’ll help prosecutors show a jury exactly what’s on a criminal’s phone, presenting more compelling evidence compared to screenshots from technical-looking forensic tools.”
Corellium’s founder, Chris Wade, who was pardoned by Donald Trump for unrelated cybercrime charges, is now Cellebrite’s CTO.
He says the combined tools could also help detect spyware by using AI to spot “foreign code” running inside a virtual OS, a move that could appeal to both law enforcement and cybersecurity researchers.
While Apple has come around on virtualization since its early battles with Corellium, now even offering native APIs for it, today’s news reframes the fight.
The question is no longer whether iOS should allow for virtualization, but rather how useless Apple can render physical access to its devices.
FTC: We use income earning auto affiliate links. More.
