Israel’s Cellebrite is opening its wallet — and a fresh chapter — with a bold $170 million cash offer for Corellium, the U.S.-based firm known for its virtualization software and legal battles with Apple. The deal includes $20 million in equity and could balloon by another $30 million if performance milestones are met in the next two years.
The acquisition, pending approval from the Committee on Foreign Investment in the U.S. (CFIUS), is expected to close this summer. If approved, it could reshape Cellebrite’s future, both technically and reputationally.
Virtualizing the Future of Forensics
Cellebrite, best known for its mobile data extraction tools used by law enforcement, is looking to go beyond the courtroom and tap deeper into tech development and cybersecurity.
Corellium’s virtualization tools simulate iOS, Android, and other ARM-based systems, allowing security researchers, devs, and even carmakers to test software without touching physical devices. It’s a neat trick — and one that Apple didn’t appreciate. More on that later.
With Corellium in the mix, Cellebrite says it’ll now be able to serve clients outside its traditional lanes of law enforcement and eDiscovery. The company sees major potential in automotive cybersecurity, mobile app testing, and IoT development.
And for public sector clients?
• Corellium’s platforms will deepen Cellebrite’s toolkit for digital forensics, vulnerability research, and mobile threat simulation — particularly for defense and intelligence customers.
“This is about more than forensics,” said a Cellebrite exec in the company’s statement. “We’re looking at the future of secure software development, cyber resilience, and proactive threat assessment.”
A Checkered History, a High-Stakes Move
For all its ambition, Cellebrite brings baggage. The Israeli digital intelligence firm has long attracted scrutiny over how its tools — especially the Universal Forensic Extraction Device (UFED) — are used.
Human rights watchdogs, including Amnesty International and Access Now, have criticized the sale of Cellebrite products to countries with troubling track records. Earlier this year, Amnesty reported that Serbian police used Cellebrite’s tools alongside exploits to track activists.
Cellebrite says it pulled out of problematic markets and reiterates that its products are not designed for surveillance.
Still, the reputational damage lingers. Tech critics have called for stricter export controls and more transparency from the company. Cellebrite, meanwhile, continues to insist that ethical use of its tools is paramount.
“We have clear policies in place and a rigorous compliance process,” the company said in a past statement. But let’s be honest — controversies like these don’t just fade away.
Corellium’s Apple Saga Still Echoes
Corellium isn’t exactly scandal-free, either.
In 2019, Apple came at them hard with a lawsuit, alleging copyright infringement. Apple argued Corellium was offering access to iOS without owning an Apple device and that it posed a security risk. The case ended in a partial win for Corellium — a judge threw out some claims, and the rest was settled out of court.
Despite the legal wrangling, Corellium has carved out a reputation in the infosec community for giving researchers a way to test real-world mobile environments safely.
In fact, for many white-hat hackers and security teams, Corellium is essential.
“You can’t patch what you can’t test,” one cybersecurity analyst told us. “And Corellium lets you break things without breaking anything important.”
Now that it’s being folded into Cellebrite — a firm some researchers avoid — some security pros are raising eyebrows.
What This Means for Cellebrite’s Market Reach
This acquisition isn’t just about new tech. It’s about opening new doors — and fast.
Cellebrite has mostly been associated with:
-
Law enforcement and government agencies
-
Corporate investigation and eDiscovery
-
Mobile forensics and data recovery
By adding Corellium, the company can now reach into new sectors:
| Sector | How Corellium Helps |
|---|---|
| Automotive | Simulating infotainment and telematics systems for vulnerabilities |
| IoT Security | Testing smart devices in isolated virtual environments |
| App Development | Running iOS and Android simulations for QA and bug hunting |
| Defense R&D | Safely testing malware and threats in secure environments |
This also puts Cellebrite in closer competition with cybersecurity firms and cloud simulation vendors, not just digital forensic peers like Magnet Forensics.
Is It a Risk Worth Taking?
Possibly. But it’s not risk-free.
The CFIUS review looms large. Given Cellebrite’s origin and Corellium’s U.S. base — plus the history of data-sensitive products — the U.S. Treasury’s committee is expected to take a close look.
There’s also the culture clash to consider. Cellebrite, focused on criminal investigation tech, and Corellium, a darling among privacy-conscious researchers, may struggle to align.
One researcher put it bluntly: “If Corellium tech ends up used in surveillance or repression, even indirectly, that’s going to burn a lot of bridges.”
And then there’s Apple. It hasn’t commented on the deal, but you can bet Cupertino is watching closely.
The Bigger Picture: Consolidation in Cyber
This deal fits into a broader trend: security tech consolidation.
Companies are bundling capabilities to keep up with increasingly fragmented and fast-moving threats. Virtualization, mobile forensics, AI, endpoint security — the lines are blurring.
In that context, Cellebrite’s move makes sense. It wants to evolve. But evolution has its costs.
Corellium gives it technical credibility. Whether it brings goodwill — or fuels more backlash — depends on how Cellebrite handles the integration.
Summer can’t come soon enough.
