Cellebrite buys Corellium to help cops bust phone encryption – Source: go.theregister.com

Cellebrite has announced a $170 million deal to buy Corellium, bringing together two companies that have made names for themselves by helping law enforcement break into encrypted devices.

Corellium is an oddity in the security world, having faced down Apple in a multi-year legal battle that saw the iGiant first try to buy the company, then sue it for copyright infringement. The startup’s tech spins up fully functional virtual instances of iOS and Android, letting researchers prod mobile systems for bugs, jailbreak paths, and malware, all without touching the original device.

The virtualization shop was co-founded by Australian émigré Chris Wade, who will join Cellebrite as chief technical officer, and David Wang, formerly of Australian security firm Azimuth. Wang was reportedly involved in the FBI’s effort to unlock an iPhone belonging to one of the San Bernardino shooters after a December 2015 attack that killed 14 people. The FBI wanted Apple to crack the phone, but Cupertino refused, claiming it couldn’t do so without building a backdoor, and argued in court that it shouldn’t be forced to.

Wang reportedly broke into the killer’s phone with other Azimuth Security researchers, and he and Wade set up Corellium together afterward. Apple allegedly tried to recruit Wang, who declined, and then Cupertino entered into a four-year legal battle with the biz claiming the startup’s virtualization code infringed on its IP. Wang left Corellium in 2021, and the two parties settled in 2023.

Wade drew attention when he was pardoned by President Trump in 2020 for unspecified crimes (the case files are still sealed). It has since emerged that in the Noughties, he was arrested for creating bots to send out spam, and as part of an agreement with law enforcement, spent more than a decade helping them with their inquiries. He’s now been appointed as CTO of Cellebrite following the acquisition.

• Cellebrite got into Trump shooter’s Samsung device in just 40 minutes
• Signal app’s Moxie says it’s possible to sabotage Cellebrite’s phone-probing tools with booby-trapped file
• Report: Aussie biz Azimuth cracked San Bernardino shooter’s iPhone, ending Apple-FBI privacy standoff
• Apple warns ‘extremely sophisticated attack’ may be targeting iThings

“The combination of Cellebrite’s commitment to innovation and its focus on public safety and security made this the perfect home for our people and our technology,” he said in a canned statement.

“With Cellebrite’s offerings, users have ‘blueprints’ — technical schematics of what is on a device. With the addition of Corellium’s technology, users will virtually walk through the device, explore every room and open every door safely and without altering a thing in a forensically sound manner.”

The deal will make the combined companies one of the largest white-hat hacking concerns in the world. Israeli-founded Cellebrite has contracts with Western law enforcement to undertake legal hacking, and Corellium’s virtualization tech is only going to bring more punters in.

“The deal is expected to close this summer, subject to approval of the Committee on Foreign Investment in the United States and other customary closing conditions,” a Cellebrite spokesperson told The Register.

“Chris helped preserve US national security through his genius. We are incredibly fortunate to have a visionary joining our leadership team to help accelerate our innovation engine.” ®