Cellebrite to acquire mobile testing firm Corellium in $200 million deal
Security technology company Cellebrite has announced plans to acquire Florida-based mobile testing startup Corellium for $170 million in cash, with an additional $20 million converted to equity at closing and the potential for $30 million more based on performance milestones.
The Israel-headquartered Cellebrite, known for its forensic equipment that unlocks smartphones, said the acquisition would enhance its capabilities for the accelerated identification of mobile vulnerabilities and exploits. The company’s technology often leverages unknown vulnerabilities, including zero-day exploits, to access encrypted data stored on mobile devices.
Corellium provides virtual, cloud-based Android and iOS devices for application and security testing. This technology allows researchers and developers to test software without physical devices, creating virtual environments that simulate actual mobile operating systems.
A Cellebrite spokesperson indicated that the deal is expected to close later this year, pending review from the Committee on Foreign Investment in the United States (CFIUS), which evaluates corporate transactions that could affect national security.
The combined companies aim to offer enhanced solutions for customers across public safety, intelligence, defense, and private sectors. These solutions would include advanced tools for identifying mobile vulnerabilities, virtual device interaction, improved DevSecOps solutions, and mobile penetration testing capabilities.
Both companies have faced controversy in recent years. Cellebrite has drawn attention for its mobile forensic tools being used in spyware campaigns that exploit zero-day vulnerabilities. Meanwhile, Corellium was sued by Apple in 2019 for copyright infringement related to its product that replicates the company’s iOS operating system.
That legal battle concluded after a U.S. appeals court ruled in Corellium’s favor in May 2023, with the companies reaching a confidential settlement later that year. Documents revealed during the lawsuit showed that Corellium had engaged with controversial entities, including spyware developer NSO Group.
The acquisition represents a significant consolidation in the mobile security and forensics sector, bringing together two companies with complementary technologies that are used by government agencies and private organizations worldwide for data extraction, security research, and vulnerability testing.
Security experts note that such tools exist in a complex space between legitimate security research and potential surveillance capabilities, raising ongoing questions about the balance between security, privacy, and law enforcement’s access to encrypted data.
